Merkle, a US-based subsidiary of the Japanese multinational advertising giant Dentsu, suffered a cyberattack resulting in the exposure of sensitive data. The breach compromised files containing personal, payroll, and National Insurance details of current and former employees, as well as supplier and client data. The company took immediate action by shutting down certain systems to contain the attack and initiated an investigation with external cybersecurity experts. While the financial impact remains unclear, affected individuals are being notified and offered free dark web monitoring. The attack did not affect Dentsu’s systems in Japan, but the scale of the breach raises concerns given Merkle’s global workforce of over 16,000 employees and annual revenue of approximately $1.5 billion. No ransomware group has claimed responsibility, leaving the attack method unspecified beyond confirmation of data exfiltration.
TPRM report: https://www.rankiteo.com/company/merkle
"id": "mer3332133103025",
"linkid": "merkle",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Marketing and Customer Experience '
'Management (CXM)',
'location': 'United States',
'name': 'Merkle, Inc.',
'size': '16,000+ employees globally',
'type': 'Subsidiary'},
{'industry': 'Advertising and Public Relations',
'location': 'Japan (global operations)',
'name': 'Dentsu Group',
'size': '67,667 employees (as of December 31, 2024)',
'type': 'Parent Company'}],
'data_breach': {'data_exfiltration': 'Yes (files taken from Merkle’s network)',
'personally_identifiable_information': 'Yes (names, contact '
'details, National '
'Insurance numbers, '
'bank/payroll details)',
'sensitivity_of_data': 'High (includes financial and '
'personally identifiable information)',
'type_of_data_compromised': ['Personal details',
'Payroll data',
'National Insurance numbers',
'Bank details',
'Salary information',
'Contact details',
'Supplier data',
'Client data']},
'date_detected': '2025-10-30',
'date_publicly_disclosed': '2025-10-30',
'description': 'Japanese multinational advertising and public relations '
'company Dentsu announced that its U.S.-based subsidiary '
'Merkle suffered a cyberattack exposing staff and client data. '
'The company took certain systems offline to mitigate the '
'attack and is investigating with external cybersecurity '
'support. Hackers stole files containing supplier, client, and '
'employee data, including personal, payroll, and National '
'Insurance details. Affected individuals are being notified '
'and offered free dark web monitoring. The financial impact is '
'currently unknown.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive data',
'data_compromised': ['Supplier data',
'Client data',
'Employee data (personal details, payroll, '
'National Insurance numbers, bank details, '
'salary, contact details)'],
'downtime': 'Partial (some systems shut down and later restored)',
'identity_theft_risk': 'High (personal and financial data exposed)',
'operational_impact': 'Systems taken offline to mitigate breach; '
'investigation ongoing',
'payment_information_risk': 'High (bank and payroll details '
'compromised)',
'systems_affected': 'Certain network systems (taken offline during '
'mitigation)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (dark web '
'monitoring offered to '
'affected individuals)'},
'investigation_status': 'Ongoing (external cybersecurity firm involved)',
'ransomware': {'data_exfiltration': 'Yes (files stolen, but no ransomware '
'claim reported)'},
'references': [{'date_accessed': '2025-10-30',
'source': 'SecurityAffairs',
'url': 'https://securityaffairs.com'}],
'regulatory_compliance': {'regulatory_notifications': 'Relevant authorities '
'in impacted countries '
'notified'},
'response': {'communication_strategy': 'Public disclosure, notification to '
'affected individuals, offer of free '
'dark web monitoring',
'containment_measures': 'Systems taken offline to mitigate '
'attack',
'incident_response_plan_activated': 'Yes (systems shut down, '
'measures taken to minimize '
'impact)',
'law_enforcement_notified': 'Yes (relevant authorities in '
'impacted countries notified)',
'recovery_measures': 'Systems restored after mitigation',
'third_party_assistance': 'Yes (external cybersecurity firm '
'involved)'},
'stakeholder_advisories': 'Affected individuals notified; free dark web '
'monitoring offered',
'title': 'Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client '
'data exposed',
'type': 'Cyberattack (Data Breach)'}