The breach, discovered in January 2025, occurred after attackers infiltrated the company’s systems in late December 2024. The incident was uncovered during an investigation into an IT outage at a Lansing, Michigan franchise.
According to a filing with the Office of the Maine Attorney General, 144,189 individuals were impacted. In its notification letters, Manpower stated that an unauthorized actor gained access to its network between December 29, 2024, and January 12, 2025, potentially acquiring sensitive files containing personal data.
Affected individuals were notified on July 28, 2025. To mitigate risks, Manpower is offering free credit monitoring and identity theft protection services through Equifax. The company has also strengthened its cybersecurity defenses and is cooperating with the FBI to investigate the attack.
Although Manpower has not officially attributed the breach, the RansomHub ransomware group claimed responsibility in January. The gang alleged it stole approximately 500GB of data, including:
* Client and corporate databases
* Passport and ID scans, SSNs, addresses, and contact details
* HR and financial records
* Confidential contracts and NDAs
* Years of corporate correspondence
RansomHub later removed Manpower from its dark web leak site, suggesting a possible ransom payment.
RansomHub, a ransomware-as-a-service (RaaS) operation formerly known as Cyclops and Knight, surfaced in February 2024 and has targeted high-profile organizations worldwide. Past victims include:
* Halliburton (oil services)
* Rite Aid (drugstore chain)
* Kawasaki EU division
* Christie’s (auction house)
* Frontier Communications (US telecom)
* Planned Parenthood
* Bologna Football Club
The group was also linked to the Change Healthcare breach, which affected over 190 million people and became one of the largest healthcare data breaches in history.
In 2024, the FBI reported that RansomHub affiliates had compromised over 200 critical infrastructure organizations in the U.S. alone.
A spokesperson for ManpowerGroup clarified that the incident was limited to the independently owned Lansing franchise and did not impact the corporation’s global systems.
“Earlier this year we were made aware that an independently owned and operated Manpower franchise in Lansing was impacted by a ransomware attack. This franchise operates on an independent data platform, making this an isolated incident where no ManpowerGroup corporate systems were affected,” the spokesperson said.
The company is supporting the franchisee in managing the response while ensuring all affected individuals have been informed.
