Dark Web Informer - Cyber Threat Intelligence

Dentsu Confirms Data Breach Following Cyber Incident at Merkle

Global advertising and marketing giant Dentsu has confirmed that a data breach occurred within its subsidiary Merkle, describing the event as a “cyber security incident.”

According to Dentsu, unauthorised actors accessed and exfiltrated certain files from Merkle’s network containing information about clients, suppliers, and both current and former employees. The company has not disclosed how many individuals were affected or which regions were impacted.

Merkle employs more than 16,000 people across 30+ countries, serving major brands such as Samsung, Kimberly-Clark, Sony, Kellogg’s, and Volkswagen. In an internal email to staff, Dentsu said that the compromised data may include bank and payroll details, salary information, National Insurance numbers, and personal contact details.

Dentsu stated that it activated its incident response protocols immediately, taking some systems offline as a precaution and engaging third-party cybersecurity firms to assist in the investigation. Law enforcement has been notified, and affected individuals are being contacted in accordance with data-protection laws. Impacted employees are also being offered one year of credit and dark-web monitoring services through Experian Identity Plus.

“We identified unusual activity on a portion of Merkle’s network,” Dentsu said in a statement. “Upon discovery, we initiated our incident response process, took systems offline out of precaution, and engaged external cybersecurity experts. Our review confirmed that certain files were taken, containing information relating to some clients, suppliers, and employees.”

The company confirmed that its systems are now fully operational.

While the source of the attack has not yet been identified, UK Chancellor Rachel Reeves recently suggested that “hostile states like Russia” are responsible for several recent cyber incidents targeting British organisations.

Merkle’s ongoing collaboration with RefugeeForce, a Salesforce training initiative supporting refugees, including those displaced from Ukraine, may have made it an attractive target for threat actors. RefugeeForce provides digital-skills training, mentorship, and job placement for participants entering the Salesforce ecosystem.

Dentsu previously emphasized its global cybersecurity readiness following the 2017 NotPetya ransomware attack that struck advertising rival WPP, saying it maintained “an established global cyber security programme” to deploy patches, manage vulnerabilities, and monitor threats. The company reaffirmed that it will continue to prioritise its cybersecurity strategy “to ensure we remain at the forefront of managing emerging risks.”
