Dentsu’s Merkle suffers data breach, sensitive information stolen

Dentsu has confirmed a data breach at its data-driven marketing subsidiary Merkle after detecting unusual activity on the company’s UK network in late October. The holding company said the incident may have exposed sensitive employee information and, in some cases, client and supplier data.

Dentsu discovered the breach on 27 October and launched an internal investigation, during which it found that certain files had been exfiltrated from Merkle’s systems. The company said the stolen data included payroll and bank details, salary information, National Insurance numbers and personal contact information relating to current and former UK employees, as per media reports. 

The breach primarily affects Merkle, which operates as a trading division of Dentsu UK Limited. The company said its Japan-based systems were not impacted. Dentsu isolated the affected servers, activated its breach response protocol and brought in an external cybersecurity firm to assist. It notified the UK Information Commissioner’s Office, the National Cyber Security Centre and law enforcement, a move consistent with UK regulatory requirements for reporting serious data incidents.

Dentsu has begun contacting all employees who may have been affected and is offering a complimentary one-year subscription to Experian Identity Plus, which provides credit monitoring and dark web surveillance. The company urged individuals to remain vigilant for suspicious transactions or social engineering attempts and acknowledged that the data could be used for fraud.

The Wall Street Journal reported that Dentsu is already managing strategic uncertainty as it explores potential sales of parts of its international creative and media operations. The timing of the data breach adds further pressure on the group as it attempts to reassure staff, clients and investors about the integrity of its systems.

Dentsu said its systems have been fully restored and that, so far, no ransomware group has claimed responsibility for the intrusion. The company also stated that there is no evidence the stolen files have appeared on public leak sites.

As investigations continue, cybersecurity analysts expect closer scrutiny of data-handling practices across the advertising sector, where large volumes of personal and behavioural data remain a target for increasingly sophisticated attackers.