ManpowerGroup on Thursday disclosed a data breach affecting its staffing brands Manpower, Experis and Talent Solutions, exposing the personal information of about 144,189 individuals. The company said attackers gained access to its networks between December 29, 2024 and January 12, 2025, with the incident first detected during an IT outage at its Lansing, Michigan office on January 20, 2025. The breach is referenced in a data breach filing with the Office of Maine’s Attorney General, which lists 144,189 individuals as affected under the timeline described by the company. Maine data breach filing.
ManpowerGroup, which includes Manpower, Experis and Talent Solutions, said it has strengthened its IT security and is cooperating with the FBI to hold those responsible accountable. The company, part of a global workforce solutions group with more than 600,000 workers across 2,700 offices and more than 100,000 clients, is offering free credit monitoring and identity theft protection through Equifax to affected individuals.
RansomHub, a ransomware-as-a-service operation that has claimed numerous high-profile breaches, said in January that it was responsible for the attack. The group, which has previously surfaced under the names Cyclops and Knight, claimed to have stolen roughly 500GB of data from Manpower’s systems, including client databases and a wide range of personal and corporate information. The claim was posted on X in a message that linked to the gang’s leak notes.
The attackers’ purported data trove included databases of clients, personal data such as passport scans, Social Security numbers, addresses and test results, as well as confidential contracts and nondisclosure agreements. After initially publishing the stolen data, the group removed the Manpower entry from its dark web leak site, a move that researchers say could indicate a ransom payment to suppress publication of the material.
A Manpower spokesperson was not immediately available for comment when contacted for this update. The company has said it is continuing to work with law enforcement and cybersecurity partners as investigations proceed.