Dentsu’s Merkle data breach: Employee bank details and salary info potentially exposed

New Delhi: Japanese advertising major Dentsu has disclosed a data breach linked to Merkle, its data-driven marketing arm, after detecting what it called “unusual activity” on Merkle’s network. 

The company said the incident may have exposed sensitive personal and financial information belonging to current and former employees and, in some cases clients and suppliers.

The breach, first identified on October 27, triggered an internal incident response and an external forensic investigation. Dentsu says certain files were taken from Merkle’s systems. A review of those files showed they contained employee data, including bank and payroll details, salary information, National Insurance numbers and personal contact details.

While initial reports described Merkle as a US-based subsidiary, Dentsu has clarified that in this case the breach specifically affects Merkle as a trading division of Dentsu UK Limited. The group has told staff that the exposure primarily concerns its UK operations. The full scope is still under review.

Dentsu said it immediately isolated affected servers, activated its breach protocol and brought in a specialist cybersecurity firm “that has worked with other companies to address similar situations.” Law enforcement has been notified. The company has also reported the incident to the UK Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).

No ransomware group has claimed responsibility and, according to Dentsu, there is currently no evidence that the stolen files have been leaked publicly.

Who is affected

Dentsu is now directly notifying all current and former UK employees whose data may be involved. “We have sought to notify all of our current and former employees whose personal data was potentially involved and to assure all of them that we take this very seriously,” the company said.

Anyone who believes they may be impacted and has not yet been reached can contact a dedicated address at DataNotificationOfficeUK@dentsu.com.

The company has also acknowledged that beyond staff, some client and supplier information may have been accessed, given Merkle’s role handling customer experience, CRM and media data for blue-chip brands including Nestlé, American Express, Intel, Microsoft and Procter & Gamble across North America, EMEA and APAC.

What data is at risk

Based on Dentsu’s internal review so far, the exposed files may include:

• Bank account and payroll details
  
  
• Salary information
  
  
• National Insurance numbers
  
  
• Personal contact information
  
  

The company is telling employees to assume this data could be combined with other publicly available information or social engineering attempts to commit fraud.

What Dentsu is advising staff to do

The company is urging anyone potentially affected to stay alert to suspicious financial activity and phishing attempts. Employees and ex-employees are being advised to:

• Monitor bank, credit card and building society statements for unauthorised transactions
  
  
• Treat unsolicited requests for personal data or passwords with extreme caution
  
  
• Independently verify the identity of anyone asking for sensitive information
  
  
• Contact their bank immediately if they see activity they did not authorise
  
  
• Report suspected identity theft or misuse of personal data to the relevant authority in their country
  
  

Support being offered

Out of what it calls “an abundance of caution,” Dentsu is offering a complimentary one-year subscription to Experian Identity Plus. The service includes credit monitoring and dark web surveillance to alert users if their details surface in criminal marketplaces.

Dentsu said it has “taken measures to prevent the public disclosure of the data.”

Operational impact and timing

Dentsu said that systems are now fully restored, and that its Japan-based network was not affected. It also indicated that there may be some financial impact from the incident, though it did not quantify the potential cost.

The timing is sensitive. The breach comes as Dentsu is already under strategic scrutiny globally. The holding company has recently hired bankers to explore possible sales of parts of its international creative and media operations, even as it continues to position Merkle as a core growth engine in data-driven media, analytics and customer experience.

For now, the immediate priority is containment, notification and reassurance.

“We take this very seriously,” Dentsu told staff. “We are not aware of any public disclosure of the files.”