Dentsu (Merkle)

Dentsu’s customer experience unit, **Merkle**, suffered a **cyberattack** resulting in the theft of **sensitive employee data**, including bank/payroll details, salaries, National Insurance numbers, and contact information for **current and former employees** (some dating back over a decade). The breach triggered legal action, with over **150 ex-employees** organizing via WhatsApp to pursue group litigation, alleging Dentsu’s failure to implement adequate security or comply with data retention policies. The UK’s **Information Commissioner’s Office (ICO)** is investigating, with potential fines up to **2% of global turnover** or multi-million-dollar penalties. While Dentsu engaged cybersecurity firms and offered credit/dark-web monitoring, affected individuals report **unclear communication** about exposed data, heightening fraud risks. The incident compounds Dentsu’s reputational and financial strain, coinciding with an unrelated **money-laundering probe** in India linked to a third-party acquisition (InDeed), though no direct connection to the Merkle breach was established.

Source: https://www.storyboard18.com/advertising/dentsus-uk-data-breach-sparks-employee-led-legal-push-84817.htm

Merkle cybersecurity rating report: https://www.rankiteo.com/company/merkle

{
"id": "MER4741147112625",
"linkid": "merkle",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
}

{'affected_entities': [{'customers_affected': 'Current and former employees '
                                              '(some left >10 years ago)',
                        'industry': 'Media & Communications',
                        'location': 'UK (global operations)',
                        'name': 'Dentsu Group (Merkle unit)',
                        'type': 'Advertising and Marketing Agency'},
                       {'industry': 'Media & Communications',
                        'location': 'India',
                        'name': 'Dentsu India',
                        'type': 'Subsidiary'},
                       {'industry': 'Agriculture/Government Contracts',
                        'location': 'India (Haryana, Delhi)',
                        'name': 'Suumaya Group',
                        'type': 'Agro-trading and Welfare Programme '
                                'Contractor'}],
 'customer_advisories': ['Credit monitoring offered to affected employees'],
 'data_breach': {'data_exfiltration': "Confirmed ('certain files' stolen)",
                 'personally_identifiable_information': ['Names',
                                                         'Contact details',
                                                         'National Insurance '
                                                         'numbers',
                                                         'Salaries',
                                                         'Bank details',
                                                         'Payroll details'],
                 'sensitivity_of_data': 'High (bank details, National '
                                        'Insurance numbers)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_publicly_disclosed': '2025-10-01',
 'description': "A cyberattack on Dentsu's Merkle unit led to the theft of "
                'sensitive employee and client information, sparking legal '
                "action and regulatory scrutiny. Concurrently, Dentsu's Indian "
                'business is entangled in a ₹137 crore money-laundering probe '
                'linked to the Suumaya Group, involving fake contracts and '
                'shell companies. The UK ICO is reviewing the data breach, '
                "while India's Enforcement Directorate investigates financial "
                'fraud.',
 'impact': {'brand_reputation_impact': 'Significant (employee frustration, '
                                       'legal threats, regulatory scrutiny)',
            'customer_complaints': 'High (150+ ex-employees in WhatsApp group '
                                   'pursuing legal action)',
            'data_compromised': ['Bank details',
                                 'Payroll details',
                                 'Salaries',
                                 'National Insurance numbers',
                                 'Contact information'],
            'identity_theft_risk': 'High (exfiltrated PII, dark web exposure '
                                   'risk)',
            'legal_liabilities': ['Potential ICO fines (up to 2% of global '
                                  'turnover)',
                                  'Employee compensation claims',
                                  'Money laundering investigation'],
            'payment_information_risk': 'High (bank and payroll details '
                                        'compromised)',
            'systems_affected': ['Merkle’s network']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (monitoring '
                                                    'offered to detect fraud)',
                           'high_value_targets': ['Employee PII',
                                                  'Client data']},
 'investigation_status': ['Ongoing (UK ICO)',
                          'Ongoing (ED India)',
                          'Employee-led legal preparations'],
 'motivation': ['Financial Gain', 'Data Theft'],
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'date_accessed': '2025-11-26',
                 'source': 'Financial Times / Media Report'},
                {'date_accessed': '2025-11-26',
                 'source': 'Enforcement Directorate (ED) Press Release'}],
 'regulatory_compliance': {'legal_actions': ['UK ICO review (ongoing)',
                                             'ED investigation (ongoing)',
                                             'Employee group litigation '
                                             '(potential)'],
                           'regulations_violated': ['UK GDPR (potential)',
                                                    'India’s Prevention of '
                                                    'Money Laundering Act '
                                                    '(PMLA)'],
                           'regulatory_notifications': ['UK ICO complaint '
                                                        'filed',
                                                        'ED searches conducted '
                                                        '(Dentsu India '
                                                        'offices)']},
 'response': {'communication_strategy': ['Initial notification to staff (Oct '
                                         '2025)',
                                         'Limited follow-up per employee '
                                         'reports'],
              'incident_response_plan_activated': 'Yes (cybersecurity firm '
                                                  'engaged)',
              'law_enforcement_notified': 'Yes (UK and India)',
              'remediation_measures': ['Credit monitoring',
                                       'Dark web monitoring for affected '
                                       'individuals'],
              'third_party_assistance': 'Yes (external cybersecurity firm)'},
 'title': "Dentsu's Merkle Data Breach and Suumaya Money Laundering "
          'Investigation',
 'type': ['Data Breach', 'Cyberattack', 'Money Laundering Investigation']}