Dentsu Subsidiary Breached, Employee Data Stolen
Summary
Merkle, a US-based customer experience management subsidiary of Japanese marketing group Dentsu, suffered a network breach in which threat actors stole files containing sensitive information. Dentsu detected unusual activity, initiated incident response, engaged a cybersecurity firm, notified law enforcement and UK regulators (the ICO and NCSC), and temporarily took some systems offline as a precaution before restoring them.
Initial investigations indicate the stolen files include personal and financial details for current and former employees — bank and payroll details, salary information, National Insurance numbers and contact details — and also data related to some clients and suppliers. Dentsu has begun notifying potentially affected people and is offering one year of credit and Dark Web monitoring. The company has not confirmed whether ransomware or an extortion demand was involved.
Key Points
- Merkle (a Dentsu subsidiary) experienced a data theft incident; Dentsu disclosed the breach and launched an investigation.
- Stolen information reportedly includes bank and payroll details, salary, National Insurance numbers and contact details for current and former employees.
- Files relating to some clients and suppliers were also taken.
- Dentsu engaged a cybersecurity firm, notified law enforcement and UK regulators, and temporarily took systems offline before restoring them.
- The company is offering affected individuals a year of credit and Dark Web monitoring and warned of increased phishing and identity-fraud risk.
- Although not confirmed, language in the disclosure suggests data extortion or ransomware could be involved.
- Experts recommend following NIST incident-response phases, limiting data retention, encrypting sensitive HR/payroll data, applying least-privilege access, rotating exposed credentials, and running threat hunts and red-team validations.
Why should I read this?
Because if you work in HR, security, or use services from Dentsu/Merkle, this is the kind of mess that lands in your inbox fast. Sensitive payroll and National Insurance data were taken — so expect phishing attempts, possible identity fraud, and regulatory fallout. It’s a quick reality check on why data minimisation and solid incident playbooks actually matter.
Context and Relevance
Data theft of this kind remains a persistent threat for organisations that store centralised HR and client records. Customer experience and marketing firms like Merkle hold large volumes of personal and financial data across regions, making them attractive targets and raising cross‑jurisdictional notification and compliance challenges. The incident underlines industry guidance: classify and minimise retention of HR/payroll data, encrypt data at rest and in transit, enforce least‑privilege access, and prepare tested incident-response plans aligned to NIST or similar frameworks.