A cyberattack on Manpower’s Michigan office has compromised the data of 144,000 individuals, while Workday faces a data breach linked to a broader social engineering scheme. These incidents underscore the escalating risks posed by cyber threats.
Recently, two significant organizations—global staffing agency Manpower and software provider Workday—have reported separate cyberattacks that have jeopardized the personal information of numerous individuals. These cases highlight an alarming trend in data breaches that threaten both business integrity and customer safety.
Manpower Breach
Manpower, a prominent staffing agency, revealed that a cyberattack affecting its franchise office in Lansing, Michigan, has resulted in the exposure of personal information belonging to 144,189 individuals. The breach was uncovered on January 20, 2025, following an IT outage.
An investigation indicated that an attacker accessed the company’s network from late December 2024 until mid-January 2025. While Manpower did not disclose the identity of the attackers, a group named RansomHub has claimed responsibility for the incident.
It is noteworthy that the affected franchise operates independently on its own data platform, thus limiting the implications for the larger ManpowerGroup corporate network. To mitigate the impact of the breach, Manpower is offering one year of free credit monitoring and identity theft protection to those affected. The company has also contacted the FBI and is prepared to work closely with law enforcement to bring the perpetrators to justice.
Workday Breach
Simultaneously, Workday announced a data breach associated with a third-party Customer Relationship Management (CRM) platform. This incident is part of a broader “social engineering campaign” that has targeted multiple large organizations.
Social engineering refers to techniques used by cybercriminals to manipulate individuals into divulging confidential information, often by masquerading as trusted figures. In this case, the hackers accessed basic business contact information, including names, email addresses, and phone numbers. Workday affirmed that there is no evidence that customer data was compromised.
In a public statement, Workday emphasized, “There is no indication of access to customer tenants or the data within them. We acted swiftly to terminate the breach and have implemented additional safeguards to prevent similar occurrences in the future.”
This incident appears to be part of an ongoing series of breaches attributed to the notorious ShinyHunters group. Hackread.com has reported that this group has been targeting employees through deceptive phone calls, impersonating IT personnel to gain access to corporate databases.
ShinyHunters’ recent victims include notable companies like Google, LVMH, Chanel, and Adidas. Following investigations, Google’s threat intelligence team confirmed that the ShinyHunters group successfully breached their Salesforce database.
These incidents reflect the persistent threat landscape faced by organizations worldwide. Examining the MITRE ATT&CK framework reveals potential tactics involved in these attacks, including initial access techniques that exploit human vulnerabilities and social engineering methods aimed at facilitating unauthorized data access.
