ManpowerGroup confirmed a ransomware attack on its Lansing, Michigan franchise between **December 29, 2024, and January 12, 2025**, compromising **144,189 individuals**. The breach involved exfiltration of **client personal data**, including names and basic details, while attackers claimed access to **sensitive records** such as passport scans, Social Security numbers, financial documents, and HR analytics. The incident highlights risks tied to third-party vendors handling confidential information, with potential long-term repercussions for affected individuals, including identity theft and financial fraud. Manpower did not disclose whether a ransom was paid or if operations were disrupted, but the scale and nature of the stolen data suggest severe exposure risks for both clients and employees.
Source: https://www.kaseya.com/blog/the-week-in-breach-news-09-03-25/
TPRM report: https://www.rankiteo.com/company/manpowergroup
"id": "man0293702100325",
"linkid": "manpowergroup",
"type": "Ransomware",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '2.5 billion (indirect warning '
'issued)',
'industry': 'Technology',
'location': 'North America',
'name': 'Google',
'size': 'Large (2.5B+ users)',
'type': 'Corporation'},
{'industry': 'Multiple',
'location': 'Global',
'name': 'Small and Midsize Businesses (SMBs)',
'type': 'Businesses'}],
'attack_vector': 'Vishing (Voice Phishing)',
'customer_advisories': 'Users advised to enable 2FA and review account '
'security settings',
'data_breach': {'data_exfiltration': 'Yes',
'file_types_exposed': ['Contact lists', 'Sales documents'],
'personally_identifiable_information': 'No',
'sensitivity_of_data': 'Low to Moderate (mostly public or '
'non-sensitive)',
'type_of_data_compromised': ['Business contact information',
'Sales notes']},
'date_detected': 'June 2025',
'date_publicly_disclosed': 'June 2025',
'description': 'Google warned its 2.5 billion Gmail users to strengthen '
'account protections following a data breach involving one of '
'its third-party Salesforce systems. The breach, linked to the '
'extortion group ShinyHunters, occurred after attackers '
'executed a vishing attack to trick an employee into granting '
'access. The compromised Salesforce instance contained contact '
'information and sales notes for small and midsize businesses. '
'Google confirmed no financial data was exposed, and the '
'compromised information was limited to business names and '
'contact details, much of it already public.',
'impact': {'brand_reputation_impact': 'Moderate (public disclosure of '
'third-party breach)',
'data_compromised': ['Business names',
'Contact details (emails, phone numbers)',
'Sales notes'],
'identity_theft_risk': 'Low (no financial or PII exposed)',
'operational_impact': 'Limited; no core Google systems affected',
'payment_information_risk': 'None',
'systems_affected': ['Third-party Salesforce instance']},
'initial_access_broker': {'entry_point': 'Vishing attack on employee',
'high_value_targets': ['Salesforce instance with '
'business contact data']},
'investigation_status': 'Ongoing (limited details disclosed)',
'lessons_learned': 'Third-party systems are high-risk targets for social '
'engineering attacks. Enterprises must enforce stricter '
'access controls and multi-factor authentication (MFA) for '
'third-party integrations.',
'motivation': 'Extortion, Data Theft',
'post_incident_analysis': {'root_causes': ['Successful vishing attack',
'Insufficient access controls for '
'third-party systems']},
'recommendations': ['Implement MFA for all third-party system accesses',
'Conduct regular security awareness training for '
'employees',
'Audit and secure third-party app integrations',
'Monitor for unusual access patterns in third-party '
'systems'],
'references': [{'source': 'Unspecified cybersecurity news outlet'}],
'response': {'communication_strategy': 'Public disclosure, user notifications',
'containment_measures': ['Isolation of compromised Salesforce '
'instance'],
'incident_response_plan_activated': 'Yes (public advisory '
'issued)',
'remediation_measures': ['User advisories to strengthen account '
'protections']},
'stakeholder_advisories': 'Public warning issued to Gmail users',
'threat_actor': 'ShinyHunters',
'title': 'Google Third-Party Salesforce Data Breach (June 2025)',
'type': 'Data Breach',
'vulnerability_exploited': 'Social Engineering (Human Error)'}