Manpower discloses data breach affecting nearly 145,000 people

Manpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company's systems in December 2024.

Together with Experis and Talent Solutions, the company is part of ManpowerGroup, a multinational corporation with over 600,000 workers in more than 2,700 offices and serving over 100,000 clients worldwide. Last year, ManpowerGroup reported revenues of $17.9 billion and a total gross profit of $3.1 billion.

According to a data breach filing with the Office of Maine's Attorney General this week, Manpower is now alerting 144,189 individuals who were impacted by a data breach after undisclosed attackers gained access to the company's systems in late December.

The company detected the incident while investigating an IT systems outage at a Lansing, Michigan, franchise on January 20.

"Through that investigation, we learned of information suggesting that an unknown actor gained unauthorized access to our network between December 29, 2024 and January 12, 2025 and potentially acquired certain files, some of which may have contained certain individuals' personal information," Manpower says in breach notification letters sent to affected individuals.

"On or about July 28, 2025, Manpower of Lansing learned that your personal information may have been involved in connection with the incident which is the reason for this notification."

After discovering the incident, the company states that it has strengthened its IT security to prevent future breaches and is now working with the FBI to hold the attackers accountable.

Manpower is also offering those affected by this data breach free credit monitoring and identity theft protection services through Equifax.

Attack claimed by RansomHub ransomware

While the company has yet to attribute the attack to a specific threat actor or cybercrime group, the RansomHub ransomware operation claimed responsibility for the attack in January, after Manpower stated that it had discovered the breach.

The ransomware gang claimed to have stolen approximately 500GB of data from Manpower's compromised systems, containing a wide range of client and corporate information.

​As the attackers said, the stolen files contained databases of clients, including personal and corporate data (passport scans, IDs, SSNs, addresses, contact information, test results, and other data), years of corporate correspondence, financial statements, HR data analytics, as well as confidential contracts and non-disclosure agreements.

RansomHub has since removed the Manpower entry from its dark web leak site, suggesting that the company may have paid a ransom to have the data deleted.

The RansomHub ransomware-as-a-service (RaaS) operation (previously known as Cyclops and Knight) surfaced in February 2024 and has since claimed many high-profile victims, including oil services giant Halliburton, the Rite Aid drugstore chain, Kawasaki's EU division, the Christie's auction house, US telecom provider Frontier Communications, the Planned Parenthood sexual health nonprofit, and the Bologna Football Club.

This ransomware gang also leaked Change Healthcare's stolen data after the most significant healthcare breach in recent years, impacting over 190 million individuals, and the BlackCat/ALPHV ransomware operation's exit scam.

One year ago, the FBI said RansomHub affiliates had breached over 200 critical infrastructure organizations in the United States as of August 2024.

A ManpowerGroup spokesperson didn't provide more details when BleepingComputer reached out regarding the information exposed in the breach and RansomHub's claims, but stated that the incident didn't impact ManpowerGroup's corporate network. 

"Earlier this year we were made aware that an independently owned and operated Manpower franchise in Lansing was impacted by a ransomware attack. This franchise operates on an independent data platform, making this an isolated incident where no ManpowerGroup corporate systems were affected," the spokesperson told BleepingComputer.

"All those impacted by the Lansing breach have been informed. ManpowerGroup is counseling the franchisee and supporting their efforts, while the franchisee manages the direct response."

Update August 13, 07:14 EDT: Added ManpowerGroup statement.