RansomHub Group Claims Manpower, American Standard, GROHE Data Breaches

• The ransomware group RansomHub claimed new victims on its dark web portal.
• One post alleges the group has 500GB belonging to staffing provider Manpower.
• American Standard and GROHE were also listed, with 400GB and 100GB of exfiltrated data, respectively.

The RansomHub ransomware group has claimed responsibility for recent cyber breaches involving global enterprises American Standard, GROHE, and Manpower. According to the group's statement, significant amounts of sensitive data were exfiltrated during these attacks.  

RansomHub alleges that they have infiltrated the systems of both American Standard and GROHE, subsidiaries of Japan-based global leader LIXIL Group. The group claims to have obtained approximately 400 GB of data from American Standard and 100 GB from GROHE. 

While the exact nature of the exfiltrated documents remains unclear, such quantities of data could encompass intellectual property, financial records, and potentially sensitive employee or customer information.  

The cybercriminal group has set a ransom deadline of January 28, 2025, giving LIXIL limited time to respond to their demands. Failing to meet the deadline could result in the release or sale of the stolen information via dark web channels.  

Alongside LIXIL's subsidiaries, RansomHub has also targeted the global staffing provider Manpower. They claim to have exfiltrated 500 GB of sensitive data from the company's systems. Details surrounding the timeline of the breach or the specific type of data stolen have not been disclosed. 

However, given the nature of Manpower’s business, stolen data could include sensitive employee records, payroll information, or client agreements, potentially placing many individuals and companies at risk.  

At the time of publication, none of the affected companies—American Standard, GROHE, or Manpower—have publicly confirmed the breaches. Similarly, no independent cybersecurity experts have corroborated RansomHub's claims, meaning whether the exfiltrated data figures or allegations are accurate remains uncertain.  

RansomHub's activities underscore the escalating threats posed by sophisticated ransomware groups targeting high-profile global enterprises. These incidents demonstrate a focused strategy of targeting companies with large digital footprints, pressuring them to comply with ransom demands to avoid the public disclosure or unauthorized distribution of confidential data.  

RansomHub surpassed LockBit as the leading Ransomware as a Service (Raas) model. Since its appearance in February 2024, RansomHub has made substantial gains in the ransomware landscape, claiming nearly 19% of all ransomware victims in September 2024.