Manpower, a major staffing company based in Lansing, Michigan, has confirmed a ransomware attack that exposed the personal data of approximately 140,000 individuals. The breach, attributed to the notorious RansomHub group, went undetected for weeks — from late December 2024 to mid-January 2025 — during which attackers maintained access to Manpower’s network and exfiltrated over 500 GB of sensitive information.
The stolen data includes client databases, passport and ID scans, Social Security numbers, addresses, financial records, HR files, contracts, and confidential corporate correspondence. This is classic double extortion: RansomHub not only encrypted systems but also threatened to leak the stolen data publicly on their dark web site. While the group initially listed Manpower among its victims, the posting was later removed — fueling speculation that the company may have paid a ransom to secure deletion of the files.
The attack caused a significant IT outage, disrupting operations and prompting Manpower to work closely with the FBI and cybersecurity specialists. The company is now offering free credit monitoring and identity theft protection to all affected individuals, but the potential damage extends far beyond identity fraud. With access to detailed personal and corporate information, the stolen data could enable targeted phishing, business email compromise, or further network intrusions — not just against Manpower, but also against its clients.
RansomHub, which rose to prominence in 2024 after replacing other top ransomware brands, is known for “big game hunting” — targeting large enterprises for maximum payout potential. They’ve also been linked to sophisticated affiliate operations and exploitation of major software vulnerabilities. Industry analysts warn that even though RansomHub’s public activity has slowed since March 2025, its affiliates are likely still active — possibly under the banner of DragonForce or other emerging groups.
For the staffing and recruitment sector, this breach is a stark reminder that sensitive personal data is prime ransomware bait. Without proactive security measures — including advanced endpoint protection, employee phishing awareness training, and strict network segmentation — staffing agencies and other service providers remain high-value, high-risk targets.
#ManpowerDataBreach #RansomHub #Ransomware #Cyberattack #DataBreach #DoubleExtortion #IdentityTheft #FBI #Cybersecurity #DragonForce #ITOutage #ClientDataExposure #MichiganCyberattack #StaffingIndustrySecurity #DataProtection
