Global advertising and marketing group Dentsu has confirmed that its UK subsidiary, Merkle, suffered a data breach exposing sensitive information belonging to current and former employees. The company said that the breach occurred after unauthorized actors accessed part of its network and copied internal files containing personal and payroll data.
The incident was discovered after unusual activity was detected on Merkle’s systems. A review of the affected files revealed that they included details about individuals employed by Dentsu’s UK business, including salary and payroll information, National Insurance numbers, and contact details. The company has not disclosed how many employees were affected, but given the size of Dentsu’s UK workforce, the number is likely substantial.
Following the discovery of the breach, Dentsu immediately launched an internal investigation and brought in an external cybersecurity firm to assist with containment and analysis. The company notified the United Kingdom’s Information Commissioner’s Office and the National Cyber Security Centre, both of which are now aware of the incident.
Dentsu has contacted employees whose data was included in the breach and offered them one year of complimentary credit monitoring and dark web surveillance. These services are meant to help affected individuals detect any misuse of their personal information and respond quickly if suspicious activity is found.
In its public statement, Dentsu said that it has taken additional steps to secure its systems and that operational networks remain functional. The company confirmed that its Japan-based infrastructure was not affected by the breach. It also emphasized that the attack did not disrupt business operations, but investigations are ongoing to determine how the attackers gained access and whether any other systems were targeted.
At this stage, Dentsu has not confirmed whether the breach involved ransomware or if any criminal group has claimed responsibility. Cybersecurity analysts note that this type of data theft often precedes extortion attempts, where threat actors demand payment to prevent the release of stolen information. However, no such demands have been publicly reported in connection with this case.
The breach has raised concerns within the advertising and marketing industry, where companies manage large volumes of personal and commercial data. Security experts warn that employee data can be just as valuable to cybercriminals as client information, since payroll and identification details can be used for identity theft or social engineering. Even without disruption to operations, the exposure of this type of information can have long-term implications for those affected.
Merkle, one of Dentsu’s largest subsidiaries, specializes in data-driven marketing and digital transformation services. The UK division employs more than 2,500 people, making it one of the company’s key European operations. While Dentsu has stated that its priority is supporting impacted employees, it is also reviewing its broader data management and storage procedures to reduce the likelihood of similar incidents in the future.
Dentsu has pledged to continue working closely with cybersecurity experts and UK authorities as the investigation continues. The company said it will provide updates as more information becomes available and reaffirmed its commitment to maintaining the highest possible standards of data protection.
Although the investigation is still underway, there is currently no indication that the stolen data has been publicly released. For now, Dentsu’s focus remains on identifying the cause of the breach, mitigating its impact, and ensuring that employee information is safeguarded against future threats.