Data Breach at American Staffing Company Exposed Sensitive Information of Nearly 150,000 Individuals

American staffing company Manpower said the data security incident it suffered last year compromised the sensitive personal data of nearly 150,000 individuals.

 

Considered as one of the largest staffing companies globally, Manpower works with 14,000 small- to mid-size organisations, and has more than 80,000 associates. The company has its branches in several states including, Michigan,South Carolina, New York, Minnesota, and more.

 

In a data security incident notice filed with the Office of Maine Attorney General, Manpower of Lansing said that on January 20, it experienced a network outage that disrupted access to certain critical systems. The staffing company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“Through that investigation, we learned of information suggesting that an unknown actor gained unauthorised access to our network between December 29, 2024 and January 12, 2025 and potentially acquired certain files, some of which may have contained certain individuals’ personal information,” the company said.

 

The compromised data included names and other personal identifiers along with Social Security Numbers. The filing with the Maine state regulator also states that Manpower of Lansing has identified at least 144,189 individuals impacted by the incident.

 

Manpower of Lansing has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Epiq to all affected individuals.

 

 

 

The RansomHub ransomware group claimed responsibility for the cyber attack on Manpower and listed it as a victim on its data leak site. The group claimed to be in possession of  500 GB of confidential data stolen from the and gave a deadline of 8 days to fulfil its ransom demand. 

 

It is unclear whether Manpower engaged with the hacker group or paid a ransom.