Manpower has confirmed a significant data breach affecting one of its independent franchises after a prolific ransomware threat group claimed to have exfiltrated the entire company’s data.
Milwaukee, Wisconsin-based ManpowerGroup is the third-largest global staffing firm, after Swiss Adecco and Dutch Randstad NV.
With over 3,500 offices in more than 80 countries and territories worldwide, the staffing giant employs over 600,000 people and serves over 100,000 clients with an annual revenue of over $17.9 billion in 2024.
According to written data breach notifications sent to impacted individuals, Manpower learned that an unauthorized entity accessed its network between December 29, 2024, and January 12, 2025.
The staffing giant further disclosed that the threat actor potentially copied certain files containing personally identifying information belonging to nearly 145,000 people.
Manpower data breach impacts nearly 145,000 people
Around January 20, 2025, Manpower launched an investigation after detecting system outages in one of its Lansing, Michigan, franchises caused by a ransomware attack.
Around July 28, 2025, the probe determined that the threat actor had exfiltrated the franchise’s client personal information.
“On or about July 28, 2025, Manpower of Lansing learned that your personal information may have been involved in connection with the incident which is the reason for this notification,” the staffing giant stated.
The impacted franchise responded by enhancing its cyber defenses and working with external cyber forensics and the Federal Bureau of Investigation (FBI) to investigate the data breach and hold the culprits accountable.
According to a data breach notification filed with the Office of the Maine Attorney General, the personal information of 144,189 people was compromised during the attack. Manpower said the data breach leaked the victim’s names and other personal details.
However, the threat actor claims to have obtained extensive information, including the victims’ passport scans, IDs, Social Security Numbers (SSNs), addresses, contact information, test results, financial statements, Human Resources analytics data, and confidential information, including non-disclosure agreements.
Manpower is offering 12 months of free credit monitoring and identity theft protection services via Equifax to protect the impacted clients from fraud.
The staffing giant is also assisting the impacted franchise in directly responding to the data breach. It is also enhancing its security systems to prevent a similar data breach in the future.
RansomHub ransomware group takes credit for Manpower data breach
While the staffing giant has not attributed the cyber attack to any threat group, the prolific ransomware group RansomHub took credit for the Manpower of Lansing data breach.
The ransomware gang claims to have stolen over 500 GB of the staffing giant’s data, including both client and corporate information.
However, Manpower disputes the allegation, claiming that the data breach was limited to the individual Lansing franchise, and its internal systems were not compromised.
Nevertheless, RansomHub mysteriously removed ManPower from its data leak site, suggesting that the staffing firm had paid a ransom to prevent the stolen data from leaking online. However, the staffing firm remains tight-lipped on whether it had paid the ransom.
RansomHub is a ransomware-as-a-service operation that has victimized over 200 critical infrastructure organizations by August 2024, according to a joint cybersecurity alert by the FBI, CISA, MS-ISAC, and the HHS.
