Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data.
The company states that the incident forced them to take certain systems offline as part of their response plan.
“We detected abnormal activity within part of the network of Merkle, a company leading the CXM (Customer Experience Management) area of our group’s overseas business,” reads Dentsu’s announcement.
“We immediately initiated our incident response procedures, proactively shut down certain systems as a precaution, and took swift measures to minimize the impact.”
The company says it reported the incident to relevant authorities in each impacted country, according to its legal obligations, without specifying the incident’s scope.
Dentsu Group is an international advertising and public relations firm. It is the largest agency network in Japan and ranks fifth globally in terms of revenue.
Merkle is Dentsu’s U.S.-based subsidiary, operating as a customer experience and data-driven marketing agency in North America, EMEA, and APAC regions.
The company employs 16,000 people and has an annual revenue of $2 billion, with high-profile customers including Nestle, American Express, Intel, Microsoft, P&G, Cox, 7-Eleven, Burger King, Subway, J.P. Morgan, Diageo, Heineken, Hilton, and Sanofi.
A report from DecisionMarketing says that Dentsu circulated a memo internally to inform staff that their bank and payroll details, salary, National Insurance numbers, and personal contact details had been exposed.
A Dentsu spokesperson confirmed via a statement to BleepingComputer that data has been stolen during the attack, and that impacted individuals are in the process of being notified.
“A review of those files determined that they contained information relating to some clients, suppliers, and current and former employees,” the company representative said.
“The investigation identified that certain files were taken from Merkle’s network,” stated Dentsu to BleepingComputer.
The company has noted that its Japan-based network systems were not impacted, though the incident is expected to have “some financial impact” on them.
Currently, the company’s investigation is trying to determine scale of the incident and full impact. Third-party incident response service have been engaged to assist.
At the time of writing, no ransomware group has claimed responsibility for the attack.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
