A cyberattack on Merkle, the UK division of Japanese advertising giant Dentsu, has led to the exposure of sensitive personal and financial data belonging to employees, clients, and suppliers.
Quick Summary – TLDR:
- Dentsu confirmed a data breach at Merkle, its UK-based marketing arm, detected on October 27.
- Exposed data includes employee bank details, salary, National Insurance numbers, and contact information.
- Clients and suppliers were also affected; no ransomware group has claimed responsibility.
- Dentsu is offering credit monitoring and urging staff to watch for identity theft or fraud.
What Happened?
Dentsu identified “unusual activity” on Merkle’s network on October 27, prompting an immediate shutdown of affected systems and a full cybersecurity investigation. The breach, while initially thought to impact Dentsu’s U.S. operations, was later clarified to be tied specifically to Merkle’s UK operations, which operate under Dentsu UK Limited.
🚨Cyberattack Alert ‼️
— Hackmanac (@H4ckmanac) October 28, 2025
🇯🇵🇺🇸 – Merkle (subsidiary of Dentsu)
Advertising giant Dentsu has confirmed a cyberattack affecting its subsidiary Merkle, in what it refers to as a “security incident.”
Attackers exfiltrated unspecified “certain files” from Merkle’s network, containing… pic.twitter.com/8zsqFIxljM
Breach Impact and Response
The company confirmed that certain files were taken from Merkle’s servers. These included highly sensitive information related to current and former employees, such as:
- Bank account and payroll information
- Salary details
- National Insurance numbers
- Personal contact data
Additionally, some client and supplier data may have been accessed. Merkle, known for handling data-driven marketing and customer experience for global brands like Nestlé, Microsoft, American Express, Intel, and Procter & Gamble, operates across North America, EMEA, and APAC.
Dentsu notified affected employees, informed law enforcement, and engaged a third-party cybersecurity firm to assist in the forensic review. The breach was also reported to both the UK’s Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).
Employee Support and Safety Measures
In response to the data breach, Dentsu is offering a complimentary one-year subscription to Experian Identity Plus, which includes credit monitoring and dark web surveillance. All potentially impacted individuals have been urged to stay vigilant and:
- Monitor bank and credit card statements for suspicious activity.
- Be cautious with unsolicited communications.
- Independently verify the identity of anyone requesting personal information.
- Report any unauthorized financial activity immediately.
- Alert local authorities in cases of suspected identity theft.
Dentsu has created a dedicated support contact for any affected individual who hasn’t been reached: DataNotificationOfficeUK@dentsu.com.
Operational Status and Financial Impact
Dentsu confirmed that all systems are now fully restored and that its Japan-based networks were not affected. While the company said the breach is likely to have some financial impact, no specific figures have been disclosed.
The timing is particularly sensitive as Dentsu is reportedly exploring the sale of parts of its international creative and media business. Merkle, considered a strategic growth pillar, is under the spotlight as the company doubles down on its data-driven services.
No Public Leak or Ransom Demands Yet
So far, no ransomware group has claimed responsibility, and Dentsu said there is no evidence that the stolen data has been publicly leaked. However, they warned that the exposed data could still be used for fraud or social engineering attacks, particularly when combined with publicly available information.
SQ Magazine Takeaway
I think what stands out most here is how a cyberattack like this hits way beyond just tech infrastructure. Real people’s financial and personal data is now in the wild, and that makes the threat very real. Dentsu responded quickly, which is good, but the fact that bank details, salaries, and National Insurance numbers were part of what got stolen makes this a serious wake-up call. It also shows how cybersecurity risks are no longer just IT issues. They’re now central to brand trust, business continuity, and even employee morale. If you’re working with sensitive data, you need airtight systems and an even tighter response plan.
