Post

Manpower Data Breach: 144,180 Individuals Affected by RansomHub Ransomware Attack

Global staffing firm Manpower suffered a RansomHub ransomware attack in January 2025, compromising the personal data of 144,180 individuals. Learn about the breach timeline, response measures, and the implications of this cybersecurity incident.

Posted
By Vitus White
3 min read
Manpower Data Breach: 144,180 Individuals Affected by RansomHub Ransomware Attack

TL;DR

  • Manpower, a global staffing and workforce solutions firm, experienced a RansomHub ransomware attack in January 2025, exposing the personal data of 144,180 individuals.
  • The breach occurred between December 29, 2024, and January 12, 2025, with attackers stealing sensitive information, including IDs, SSNs, financial records, and HR analytics.
  • Manpower secured its systems, notified affected individuals, and offered 24 months of free credit monitoring and identity theft protection.

Manpower Data Breach: RansomHub Ransomware Attack Exposes 144,180 Individuals

Overview of the Incident

Global staffing firm Manpower, headquartered in Lansing, Michigan, confirmed a ransomware attack that disrupted its systems on January 20, 2025. The attack, attributed to the RansomHub ransomware group, resulted in the compromise of personal data belonging to 144,180 individuals.

The company launched an immediate investigation with the assistance of external cybersecurity experts and notified the FBI about the incident. According to Manpower’s data breach notification, threat actors gained unauthorized access to the company’s network between December 29, 2024, and January 12, 2025. During this period, attackers potentially acquired files containing sensitive personal information.

Timeline of the Breach

  • December 29, 2024 – January 12, 2025: Attackers gained unauthorized access to Manpower’s network.
  • January 20, 2025: Manpower detected an IT outage and promptly contained the incident.
  • January 22, 2025: The RansomHub ransomware group claimed responsibility for the attack, alleging the theft of 500 GB of data, including client and corporate information.
  • July 28, 2025: Manpower notified affected individuals about the potential exposure of their personal data.

Data Compromised in the Breach

The stolen data included:

  • Personally Identifiable Information (PII): Names, addresses, and Social Security Numbers (SSNs).
  • Financial Records: Banking details and payment information.
  • HR Analytics: Employee records and contractual agreements.
  • Corporate Data: Internal documents and business contracts.

The RansomHub group initially listed Manpower on its Tor leak site but later removed the entry, suggesting a potential ransom payment.

Manpower’s Response and Mitigation Measures

To address the breach, Manpower took the following steps:

  1. Secured Systems: Strengthened its IT infrastructure to prevent further unauthorized access.
  2. Enhanced Security: Implemented additional cybersecurity measures to protect against future attacks.
  3. Notification and Support: Informed affected individuals and offered 24 months of free Equifax credit monitoring, identity theft protection, and recovery services.

About RansomHub

RansomHub is a ransomware-as-a-service (RaaS) group that emerged in February 2024. Previously known as Cyclops and Knight, the group has targeted high-profile organizations, including:

The group is known for its double-extortion tactics, where it encrypts data and threatens to leak it unless a ransom is paid.

Why This Breach Matters

The Manpower data breach highlights the growing threat of ransomware attacks targeting large corporations. It underscores the importance of:

  • Proactive cybersecurity measures, such as regular system audits and employee training.
  • Incident response plans to minimize damage and restore operations quickly.
  • Transparency and communication with affected parties to maintain trust and compliance with data protection regulations.

Conclusion

The Manpower data breach serves as a stark reminder of the persistent and evolving cyber threats faced by organizations worldwide. As ransomware groups like RansomHub continue to refine their tactics, businesses must prioritize cybersecurity resilience to safeguard sensitive data and maintain operational integrity.

For updates on this incident and further cybersecurity insights, follow @securityaffairs on Twitter, Facebook, and Mastodon.

Additional Resources

For further insights on ransomware and data breaches, explore:

Cybersecurity & Data Protection, Data Breaches
ransomware data breach cybersecurity
This post is licensed under CC BY 4.0 by the author.