Dentsu, a global advertising and media network, suffered a security breach within its subsidiary **Merkle’s network**, resulting in the theft of sensitive files. The compromised data included **personal and financial details** of **current and former employees**, as well as **some clients and suppliers**. Exposed information comprised **names, bank/payroll details, salaries, National Insurance numbers, and personal contact details**.The company detected **unusual network activity**, triggering an immediate response: systems were taken offline, incident response protocols were activated, and third-party cybersecurity firms alongside law enforcement were engaged. While Dentsu restored operations, the investigation remains ongoing. Affected individuals were notified and offered **credit/dark-web monitoring services** via Experian Identity Plus to mitigate risks like identity theft or financial fraud.The breach coincides with Dentsu’s strategic review, including potential divestments of its international creative and media divisions, raising concerns about operational stability. The incident underscores vulnerabilities in handling **highly sensitive employee and client data**, with potential long-term reputational and financial repercussions.
TPRM report: https://www.rankiteo.com/company/dentsu
"id": "den1492114110225",
"linkid": "dentsu",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'some clients, suppliers, and '
'current/former employees',
'industry': 'media and communications',
'name': 'Dentsu (via Merkle network)',
'type': 'advertising and marketing agency'}],
'customer_advisories': ['encouraged to monitor financial statements',
'offered Experian Identity Plus subscription'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['names',
'National Insurance '
'numbers',
'personal contact '
'details'],
'sensitivity_of_data': 'high (includes bank details, National '
'Insurance numbers, and salary '
'information)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'financial data',
'employment records']},
'description': 'Former and current staff at Dentsu and some clients had their '
'information taken following a security incident within '
'Merkle’s network. Files containing names, bank and payroll '
'details, salary, National Insurance numbers, and personal '
'contact details were exfiltrated. Dentsu has engaged '
'third-party cybersecurity firms, notified law enforcement, '
'and offered affected individuals credit and dark-web '
'monitoring services via Experian Identity Plus. The '
'investigation remains ongoing, but notifications have begun '
'in compliance with applicable laws.',
'impact': {'brand_reputation_impact': 'potential (ongoing investigation amid '
"speculation about Dentsu's future)",
'data_compromised': ['names',
'bank details',
'payroll details',
'salary information',
'National Insurance numbers',
'personal contact details'],
'downtime': 'temporary (some systems taken offline as precaution)',
'identity_theft_risk': 'high (bank, payroll, and PII exposed)',
'operational_impact': 'minimal (fully operational after '
'containment)',
'payment_information_risk': 'high (bank details compromised)',
'systems_affected': ['portion of Merkle’s network']},
'initial_access_broker': {'data_sold_on_dark_web': 'potential (dark-web '
'monitoring offered to '
'victims)',
'high_value_targets': ['employee data',
'client/supplier data']},
'investigation_status': 'ongoing',
'ransomware': {'data_exfiltration': True},
'recommendations': ['monitor financial statements',
'use credit/dark-web monitoring services (e.g., Experian '
'Identity Plus)'],
'references': [{'source': 'Campaign (marketing industry publication)'}],
'regulatory_compliance': {'regulatory_notifications': 'ongoing (notifications '
'begun in accordance '
'with applicable law)'},
'response': {'communication_strategy': ['internal email to employees',
'public statement',
'notification process for affected '
'parties'],
'containment_measures': ['systems taken offline',
'incident response protocols initiated'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['systems brought back online'],
'third_party_assistance': ['cybersecurity firm (unnamed)',
'Experian Identity Plus (for '
'monitoring services)']},
'stakeholder_advisories': ['internal email to employees', 'public statement'],
'title': "Data Breach at Dentsu's Merkle Network Affecting Employees, "
'Clients, and Suppliers',
'type': ['data breach', 'unauthorized access']}