Manpower Data Breach Exposes Nearly 145,000 Individuals’ Personal Information

Manpower, the international staffing and workforce solutions company, has announced a data breach that may have affected 144,189 people. The company sent formal notifications after completing its investigation, confirming that sensitive personal information might have been accessed by unauthorized parties.

The breach involved Manpower and associated staffing operations. It started when staff in Lansing, Michigan, noticed an IT outage and launched an investigation. That eventually led to the discovery that the breach was real and significant.

Based on what Manpower has shared, the attack took place between December 29, 2024 and January 12, 2025. The company first learned about the incident on January 20, 2025, when the outage triggered alarms but only later did they figure out the full scale of what data was affected.

A cybercriminal group known as RansomHub claimed responsibility. They said they extracted roughly 500 GB of data, including client databases, scans of passports and IDs, Social Security numbers, addresses, contact details, test results, and years of business correspondence.

Interestingly, RansomHub later removed their post about the Manpower breach from their leak site. Some cybersecurity observers interpret this removal as suggesting that Manpower may have negotiated with the attackers though the company has not confirmed any ransom payment.

To secure its systems, Manpower says it has already implemented stronger IT security measures. The company is working closely with law enforcement agencies, including the FBI, to investigate the breach and pursue the attackers. They are also offering free credit monitoring and identity-theft protection services to everyone whose data may have been compromised.

If you receive a notice from Manpower, the next steps are straightforward. Read the letter or email carefully to see what type of information was exposed. Follow the instructions to enroll in credit monitoring if offered. And regardless, keep a close eye on your banking statements, credit activity, and personal accounts. Be extra cautious with emails or calls that suddenly ask for more information or claim to be about the data breach.

This incident underscores how vulnerable staffing firms can be. They store many types of personal data everything from contact info to ID scans which makes them attractive targets for sophisticated attackers. Now is a good time for any organisation in a similar position to review their security controls, ensure backups are isolated and secure, run vulnerability scans, and make sure incident response plans are up-to-date.

While Manpower’s disclosure provides a detailed look at what happened, the investigation is still ongoing. As more accurate information becomes available from Manpower or from law enforcement, that will help everyone understand the full picture.

In the meantime, if you’ve been affected, take advantage of the protections offered and remain vigilant. If you haven’t received any notice, stay alert nonetheless your information may still be closely monitored but safe.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news