Manpower data breach impacted 144,180 individuals

Global staffing and workforce solutions firm Manpower reports a January RansomHub ransomware attack that compromised data of 140,000 individuals.

Manpower in Lansing, Michigan, reported that the ransomware attack that disrupted its systems on January 20, 2025, resulted in a breach that impacted 144,180 individuals.

The company launched an investigation into the incident with the help of external cybersecurity experts and notified the FBI.

The attackers stole files containing personal information of the impacted individuals.

Threat actors gained access to Manpower’s network between December 29, 2024, and January 12, 2025.

“On January 20, 2025, we experienced an IT outage that disrupted access to certain local systems. After detecting and promptly containing the incident, we launched an investigation with the support of external cybersecurity experts to learn more about the scope of the incident and any impact to data. Through that investigation, we learned of information suggesting that an unknown actor gained unauthorized access to our network between December 29, 2024 and January 12, 2025 and potentially acquired certain files, some of which may have contained certain individuals’ personal information,” reads the data breach notification sent to the impacted individuals. “On or about July 28, 2025, Manpower of Lansing learned that your personal information may have been involved in connection with the incident which is the reason for this notification.”

Manpower of Lansing announced it had secured its systems and enhanced the security of its infrastructure. The company is offering affected individuals up to 24 months of free Equifax credit monitoring, identity theft protection, and recovery services.

The data breach notification letter did not provide technical details about the attack; however, the RansomHub ransomware group claimed responsibility for it. The ransomware gang added the company to its Tor leak site on January 22, claiming the theft of 500 GB of data, including client and corporate data (IDs, SSNs, financials, HR analytics, and contracts). The RansomHub group later removed the leak, suggesting a ransom may have been paid by the victim.

RansomHub, a ransomware-as-a-service group formerly known as Cyclops and Knight, emerged in February 2024 and has hit major targets like Halliburton, Patelco Credit Union, and Christie’s.


Pierluigi Paganini

(SecurityAffairs – hacking, Manpower)