In a recent data breach notification, the staffing and recruiting firm Manpower has confirmed that it was the victim of a ransomware attack in January, which resulted in the theft of personal information belonging to approximately 140,000 individuals. The incident was first detected during the investigation of an IT outage on January 20 at its Lansing, Michigan, office. An internal investigation, assisted by external cybersecurity experts, revealed that an unauthorized actor had access to Manpower’s network for several weeks, from December 29, 2024, to January 12, 2025.
During this period of unauthorized access, the hackers exfiltrated files containing a wide range of sensitive data. Manpower’s filing with the Maine Attorney General’s office indicates that 144,180 people were impacted by the breach. While Manpower has not officially named the perpetrators, the RansomHub ransomware group publicly claimed responsibility for the attack on its leak site on January 22, saying it had stolen 500 GB of corporate and personal data.
The stolen information, as detailed by RansomHub’s claims, included a variety of sensitive personal and corporate documents. The group claimed to have exfiltrated HR, financial, and marketing documents, along with databases containing personal information. Screenshots posted by the group reportedly showed documents such as passport scans, social security numbers, and driver’s licenses, as well as confidential contracts and financial statements. The wide scope of the data suggests that the attackers had deep access to the company’s network.
In response to the breach, Manpower has taken steps to secure its systems and prevent future incidents. The company has also been cooperating with the FBI in its investigation. As a measure to mitigate the impact on those affected, Manpower is offering free credit monitoring and identity theft protection services. This is a common practice for companies after a data breach involving personal data, as it helps individuals protect themselves from potential fraud.
The RansomHub group, a ransomware-as-a-service (RaaS) operation, has gained notoriety for its attacks on high-profile targets across various sectors, including critical infrastructure. However, recent reports indicate that the group has been inactive since April, and its affiliates are believed to have been absorbed by the DragonForce group, a similar cybercriminal operation.