Manpower, one of the world’s largest staffing firms, is informing nearly 145,000 individuals that their personal data was compromised after attackers infiltrated its systems in December 2024.
The company, which operates globally under ManpowerGroup alongside Experis and Talent Solutions, employs over 600,000 workers across 2,700 offices and serves more than 100,000 clients worldwide. In 2024, ManpowerGroup reported $17.9 billion in revenue and $3.1 billion in gross profit.
According to a disclosure filed with the Maine Attorney General’s Office this week, 144,189 individuals were affected by the breach. Manpower discovered the incident while investigating an IT outage at its Lansing, Michigan, franchise on January 20.
"Through that investigation, we learned of information suggesting that an unknown actor gained unauthorized access to our network between December 29, 2024 and January 12, 2025 and potentially acquired certain files, some of which may have contained certain individuals' personal information," Manpower wrote in notification letters sent to victims. "On or about July 28, 2025, Manpower of Lansing learned that your personal information may have been involved in connection with the incident which is the reason for this notification."
Following the attack, the company says it has enhanced its IT security measures and is collaborating with the FBI. Those affected are being offered free credit monitoring and identity theft protection services through Equifax.
Although Manpower has not publicly attributed the breach to any group, the RansomHub ransomware operation claimed the attack in January. The gang alleged it had stolen around 500GB of corporate and client data, including passport scans, IDs, Social Security numbers, addresses, financial statements, HR records, contracts, and non-disclosure agreements.
RansomHub later removed Manpower from its leak site, a move often interpreted as a sign that a ransom payment may have been made. The ransomware group, previously known as Cyclops and Knight, emerged in early 2024 and has since targeted several high-profile organizations such as Halliburton, Rite Aid, Kawasaki EU, Christie's auction house, Frontier Communications, Planned Parenthood, and Bologna FC.
The group has also been linked to one of the largest healthcare breaches in U.S. history—leaking Change Healthcare’s stolen data affecting more than 190 million people—following the collapse of the BlackCat/ALPHV ransomware gang.
Last year, the FBI reported that RansomHub affiliates had compromised over 200 critical infrastructure organizations in the United States as of August 2024.
When asked about the data exposed or RansomHub’s claims, a ManpowerGroup spokesperson emphasized that the incident was limited to the Lansing franchise and did not affect corporate systems.
"Earlier this year we were made aware that an independently owned and operated Manpower franchise in Lansing was impacted by a ransomware attack. This franchise operates on an independent data platform, making this an isolated incident where no ManpowerGroup corporate systems were affected," the spokesperson told BleepingComputer. "All those impacted by the Lansing breach have been informed. ManpowerGroup is counseling the franchisee and supporting their efforts, while the franchisee manages the direct response."
