Merkle Inc. Data Breach Exposes Sensitive PII in 2025 Cyberattack
Merkle Inc., a global performance marketing and customer experience management firm under dentsu, disclosed a data breach involving unauthorized access to its servers. The incident was detected on August 31, 2025, prompting an immediate response, including containment efforts and an investigation with a third-party cybersecurity firm.
By January 27, 2026, Merkle confirmed that compromised files contained sensitive personally identifiable information (PII), including names and Social Security numbers. The company reported the breach to the New Hampshire Attorney General’s office on February 6, 2026, and began mailing notification letters to affected individuals. As of the disclosure, one New Hampshire resident has been confirmed as impacted.
Merkle is offering affected individuals a 12-month complimentary Experian IdentityWorks membership, which includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Legal firm Shamis & Gentile P.A. is investigating potential compensation claims for those affected.
The breach highlights ongoing risks in data security, particularly for companies handling large volumes of customer information.
Source: https://www.claimdepot.com/investigations/merkle-data-breach-2026
Merkle cybersecurity rating report: https://www.rankiteo.com/company/merkle
"id": "MER1770415139",
"linkid": "merkle",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least one confirmed (New '
'Hampshire resident)',
'industry': 'Performance Marketing and Customer '
'Experience Management',
'location': 'Global',
'name': 'Merkle Inc.',
'type': 'Company'}],
'customer_advisories': '12-month complimentary Experian IdentityWorks '
'membership (credit monitoring, identity restoration '
'support, $1 million identity theft insurance)',
'data_breach': {'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers, names)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-08-31',
'date_publicly_disclosed': '2026-02-06',
'description': 'Merkle Inc., a global performance marketing and customer '
'experience management firm under dentsu, disclosed a data '
'breach involving unauthorized access to its servers. The '
'incident was detected on August 31, 2025, prompting an '
'immediate response, including containment efforts and an '
'investigation with a third-party cybersecurity firm. By '
'January 27, 2026, Merkle confirmed that compromised files '
'contained sensitive personally identifiable information '
'(PII), including names and Social Security numbers. The '
'company reported the breach to the New Hampshire Attorney '
'General’s office on February 6, 2026, and began mailing '
'notification letters to affected individuals. As of the '
'disclosure, one New Hampshire resident has been confirmed as '
'impacted.',
'impact': {'data_compromised': 'Sensitive personally identifiable information '
'(PII), including names and Social Security '
'numbers',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'references': [{'source': 'New Hampshire Attorney General’s office'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'being investigated by Shamis & '
'Gentile P.A.',
'regulatory_notifications': 'Reported to New '
'Hampshire Attorney '
'General’s office'},
'response': {'communication_strategy': 'Notification letters to affected '
'individuals, disclosure to New '
'Hampshire Attorney General’s office',
'containment_measures': 'Yes',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Third-party cybersecurity firm'},
'title': 'Merkle Inc. Data Breach Exposes Sensitive PII in 2025 Cyberattack',
'type': 'Data Breach'}