Marketing giant Dentsu warns staff after Merkle data raid

Steven

Marketing giant Dentsu warns staff after Merkle data raid

Summary

Global advertising group Dentsu has informed current and former staff that a cyberattack on its US subsidiary Merkle resulted in the theft of payroll and other sensitive employee data. The incident notification reviewed by The Register confirms Merkle — a data-driven media and customer experience arm with more than 16,000 employees worldwide — was targeted. Dentsu says it detected unusual activity on Merkle servers, implemented incident response procedures, engaged an external cybersecurity firm, notified law enforcement and UK authorities (the ICO and NCSC), and shut down ‘certain systems’ while investigating.

The company has told affected individuals the stolen files likely include names, bank and payroll details, salary, National Insurance number and personal contact information. Dentsu offered complimentary dark-web monitoring via Experian and warned staff to be vigilant against phishing and social-engineering attempts. The firm has not publicly confirmed whether ransomware was involved and declined to provide specifics on the number of people affected, exact timing or geographic distribution of the breach.

Key Points

  • The attack targeted Merkle, Dentsu’s US-based data-driven marketing and customer experience business.
  • Merkle employs over 16,000 people and operates across EMEA, the Americas and APAC; Dentsu overall has around 68,000 staff globally.
  • Stolen data reported to include names, bank and payroll details, salary, National Insurance number and contact information.
  • Dentsu initiated incident response, engaged a third-party cybersecurity firm, notified law enforcement and the ICO and NCSC, and shut down some systems to contain the incident.
  • The company offered affected individuals complimentary dark-web monitoring via Experian and warned about phishing and identity-fraud risks.
  • No group has claimed responsibility publicly and Dentsu has not confirmed whether ransomware was used.

Context and relevance

This breach sits squarely in the growing pattern of service-provider and supply-chain attacks that put large numbers of third-party employees and clients at risk. When an organisation like Merkle — which handles HR and payroll-adjacent data for many regions — is compromised, the consequences ripple: elevated fraud risk for staff, regulatory scrutiny for the parent company, and potential operational disruption for clients. For security teams, HR and compliance officers, and affected individuals, the incident highlights the need for robust third-party risk management, rapid breach communication and targeted monitoring for identity fraud.

Why should I read this?

Short version: if you work for Dentsu, Merkle or any supplier that handles payroll or employee records, this affects you. The article saves you time—telling you what was taken, how Dentsu responded, and the immediate steps being offered. Read it so you know whether to freeze accounts, watch for phishing, and sign up for monitoring.

Author style

Punchy: this is not just another corporate statement. The details — payroll, bank details and National Insurance numbers — make the story urgent for affected staff and relevant to any organisation that outsources HR or data processing. If you manage third-party risk or employee data, pay attention to the containment and notification gaps flagged here.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/10/29/dentsu_merkle_breach/