Stolen data from Manpower franchise revealed following RansomHub's exposure of the purloined information
In a recent development, a ransomware attack was reported to have occurred on a Manpower franchise in Lansing, Michigan. The incident, which took place on January 20, 2025, resulted in an IT outage and an unauthorized access to the network between December 29, 2024, and January 12, 2025.
During this period, personal information belonging to 144,189 people was stolen. All those affected by the Lansing breach have since been informed, and they will receive free Equifax credit monitoring and identity theft protection services.
The attack was an isolated incident, affecting only the Lansing franchise's network, and did not impact ManpowerGroup's corporate systems. The parent company, which reported $17.9 billion in revenue last year, has notified the FBI about the digital heist and will provide cooperation to hold the perpetrator(s) accountable.
The ransomware group responsible for the attack is known as RansomHub, a notorious extortion crew that emerged in February 2024, previously known under names like Cyclops and Knight. RansomHub operates using a double-extortion model, where it first steals large volumes of sensitive data before encrypting victim systems. After exfiltration, it threatens to leak the data publicly if ransom demands are not met, creating pressure beyond just operational disruption.
RansomHub has targeted major organizations, including Halliburton, Patelco Credit Union, Christie's, and Manpower of Lansing, with data theft volumes reaching hundreds of gigabytes to multiple terabytes. One notable incident involved the stolen data of Change Healthcare, after the original ransomware group ALPHV/Blackcat pulled an exit scam and failed to pay its affiliate, that affiliate passed the stolen data on to RansomHub.
Operationally, RansomHub keeps its leadership insulated from direct exposure, using technical operators as front-line assets. Recently, the group has stopped publishing new victims, possibly indicating disruption by law enforcement or internal instability within the ransomware underground ecosystem. The FBI has initiated cooperation for investigations into their crimes.
Businesses affected by such incidents have been advised to increase security governance, particularly in franchise or multi-entity environments where the risk of distributed attacks is higher. The increasingly fragmented and volatile ransomware ecosystem, where groups rapidly evolve, exit scam, or get disrupted, leads to complex victim extortion scenarios.
Read also:
- Chicago Sports Network assigns significant task to Mobile TV Group's 56FLEX for broadcasting sports events
- "Countdown to Disruption": Israeli Websites Halt Operations following Cyberassault from Gaza
- Investigating Various Pacing Speeds for Polling
- Revolutionizing Sports: The Impact of Intelligent Devices Transforming the Athletic Field
