Global staffing firm Manpower confirmed ransomware criminals broke into its Lansing, Michigan franchise’s network and stole personal information belonging to 144,189 people, months after the extortionists claimed that they pilfered “all of [the company’s] confidential data.” 

“Earlier this year we were made aware that an independently owned and operated Manpower franchise in Lansing was impacted by a ransomware attack,” a ManpowerGroup spokesperson told The Register. “This franchise operates on an independent data platform, making this an isolated incident where no ManpowerGroup corporate systems were affected. All those impacted by the Lansing breach have been informed.”

The spokesperson declined to answer specific questions about the intrusion, including how the digital thieves gained initial access, how much and what specific data they accessed, and what the ransom demand involved.

“ManpowerGroup is counseling the franchisee and supporting their efforts, while the franchisee manages the direct response,” the spokesperson continued. “We greatly value the information entrusted to us and have implemented numerous safeguards to reduce the risk of future incidents. ManpowerGroup is committed to ensuring the highest security and business process standards necessary to protect our clients, partners, and employees.”

ManpowerGroup reported $17.9 billion in revenue last year and boasts more than 3,500 branch offices across 75 countries.

According to a data breach notification filed with the Maine Attorney General’s office, the company’s Lansing franchise suffered an IT outage on January 20 that disrupted access to some of its local systems.

A subsequent investigation aided by external security experts found that “an unknown actor gained unauthorized access to our network” between December 29, 2024 and January 12, 2025, acquiring files that contained some people’s private details — although the sample letter to victims [PDF] doesn’t disclose what specific data the miscreants took in the intrusion. The franchise notified the FBI about the digital heist and “will provide whatever cooperation is necessary to hold the perpetrator(s) of the incident accountable,” according to the letter.

Plus, all of those affected by the compromise will receive free Equifax credit monitoring and identity theft protection services through Equifax.

Back in January, notorious extortion crew RansomHub listed Manpower on its data leak site and claimed to have swiped 500GB of data before posting screenshots of the allegedly stolen files. These images included people’s social security cards, driver’s licenses, and passports, a lawsuit filed against Manpower, corporate bank statements, spreadsheets detailing employees’ hours and worksites, and customer lists.

“Unfortunately, all of your confidential data is on our servers,” the miscreants crowed, adding that they stole financial statements, HR data analytics, passports, ID cards, names and addresses, confidential contracts, and non-disclosure agreements. 

“We are waiting for you to return in the chatroom,” the RansomHub affiliate added. “Otherwise, I believe your competitors would like it very much!!!!!”

We’d suggest taking all of this with a heavy dose of salt — criminals aren’t the most trustworthy individuals. However, the screenshots uploaded to the leak site do appear to support the data-theft claims.

RansomHub affiliates also previously claimed responsibility for the NRS Healthcare breach in March 2024. The firm supplies healthcare equipment to the UK’s National Health Service and works with around 40 councils across England and Northern Ireland.

In July, 16 months after the cyberattack, the organization warned it may not recover from the breach’s financial toll.

According to the FBI, RansomHub was one of the five most reported ransomware variants deployed against America’s critical infrastructure last year. ®