The Lansing, Michigan franchise of global staffing firm **Manpower** suffered a **ransomware attack** by the **RansomHub** group, compromising the personal data of **144,189 individuals**. The breach occurred between **December 29, 2024, and January 12, 2025**, with attackers exfiltrating **500GB of data**, including **Social Security cards, driver’s licenses, passports, corporate bank statements, HR analytics, employee records, customer lists, and confidential contracts**. The franchise experienced an **IT outage on January 20**, disrupting local systems. While ManpowerGroup’s corporate systems remained unaffected, the franchise notified victims, offered **credit monitoring via Equifax**, and reported the incident to the **FBI**. RansomHub publicly threatened to leak the data unless a ransom was paid, posting **screenshots of stolen files** as proof. The financial and reputational fallout remains significant, though the full extent of the damage is undisclosed.
Source: https://www.theregister.com/2025/08/12/manpower_franchise_data_breach/
TPRM report: https://www.rankiteo.com/company/manpower-
"id": "man501081325",
"linkid": "manpower-",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '144,189 individuals',
'industry': 'Staffing and Recruitment',
'location': 'Lansing, Michigan, USA',
'name': 'Manpower Lansing Franchise',
'type': 'Staffing Franchise'}],
'customer_advisories': ['Notification letters sent to affected individuals '
'offering free credit monitoring'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['PDFs (social security cards, driver’s '
'licenses, passports)',
'Spreadsheets (employee hours, '
'worksites, customer lists)',
'Bank Statements',
'Confidential Contracts',
'Non-Disclosure Agreements'],
'number_of_records_exposed': '144,189',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers (SSNs)',
'Driver’s License '
'Numbers',
'Passport Details'],
'sensitivity_of_data': 'High (includes SSNs, passports, '
'financial statements, contracts)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Corporate Documents',
'HR Records',
'Legal Documents']},
'date_detected': '2025-01-20',
'description': 'Global staffing firm Manpower confirmed a ransomware attack '
'on its independently operated Lansing, Michigan franchise, '
'resulting in the theft of personal information belonging to '
'144,189 individuals. The RansomHub extortion group claimed '
'responsibility, asserting they stole 500GB of data, including '
'sensitive documents like social security cards, driver’s '
'licenses, passports, financial statements, HR data, and '
'corporate contracts. The breach was isolated to the '
'franchise’s independent data platform, with no impact on '
'ManpowerGroup’s corporate systems. The incident was detected '
'in January 2025, with unauthorized access occurring between '
'December 29, 2024, and January 12, 2025. Affected individuals '
'were notified and offered free Equifax credit monitoring and '
'identity theft protection services. The FBI was notified, and '
'the franchise pledged cooperation in the investigation.',
'impact': {'brand_reputation_impact': ['Potential reputational damage due to '
'data exposure',
'Public disclosure of breach by '
'RansomHub'],
'data_compromised': ['Personal Information (144,189 individuals)',
'Social Security Cards',
'Driver’s Licenses',
'Passports',
'Financial Statements',
'HR Data Analytics',
'Corporate Bank Statements',
'Employee Hours and Worksites',
'Customer Lists',
'Confidential Contracts',
'Non-Disclosure Agreements',
'Names and Addresses'],
'downtime': 'IT outage on 2025-01-20 (duration unspecified)',
'identity_theft_risk': ['High (PII including SSNs, driver’s '
'licenses, passports exposed)'],
'legal_liabilities': ['Lawsuit filed against Manpower (mentioned '
'in stolen data screenshots)'],
'operational_impact': ['Disrupted access to local systems',
'Isolated incident (no corporate systems '
'affected)'],
'payment_information_risk': ['Corporate bank statements '
'compromised'],
'systems_affected': ['Lansing Franchise Network (Independent Data '
'Platform)']},
'initial_access_broker': {'high_value_targets': ['PII',
'Financial Data',
'Corporate Contracts']},
'investigation_status': 'Ongoing (FBI involved, franchise cooperating)',
'motivation': ['Financial Gain', 'Data Theft', 'Extortion'],
'post_incident_analysis': {'corrective_actions': ['ManpowerGroup counseling '
'franchisee',
'Implementing safeguards to '
'reduce future risk']},
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'RansomHub'},
'references': [{'source': 'The Register'},
{'source': 'Maine Attorney General’s Office (Data Breach '
'Notification)'},
{'source': 'RansomHub Leak Site (Screenshots of Stolen Data)'},
{'source': 'FBI (RansomHub as Top Ransomware Variant in '
'2024)'}],
'regulatory_compliance': {'legal_actions': ['Potential lawsuit (mentioned in '
'stolen data)'],
'regulatory_notifications': ['Maine Attorney '
'General (data breach '
'notification)']},
'response': {'communication_strategy': ['Notification letters to affected '
'individuals',
'Public statement via The Register',
'Data breach notification filed with '
'Maine Attorney General'],
'incident_response_plan_activated': True,
'law_enforcement_notified': ['FBI'],
'recovery_measures': ['Free Equifax credit monitoring and '
'identity theft protection for affected '
'individuals'],
'third_party_assistance': ['External security experts '
'(investigation)',
'Equifax (credit monitoring and '
'identity theft protection)']},
'threat_actor': 'RansomHub',
'title': 'Ransomware Attack on Manpower Lansing Franchise',
'type': ['Ransomware', 'Data Breach']}