Japanese advertising conglomerate Dentsu has confirmed a data breach involving the personal and financial details of its UK workforce, after attackers gained unauthorized access to servers belonging to Merkle, one of its U.S.-based subsidiaries. The breach is believed to have compromised data belonging to both current and former employees, potentially affecting thousands.
Breach Origin Linked to Merkle’s Compromised Network
The company detected “unusual activity” within Merkle’s network earlier this month, prompting an internal investigation. Merkle, a data-driven marketing and analytics firm acquired by Dentsu in 2016, discovered that several files had been exfiltrated from its systems during the attack.
“The investigation identified that certain files were taken from Merkle’s network. A review of those files determined that they contained information concerning current and former employees,” Dentsu confirmed in its breach notice.
The exact number of affected individuals remains undisclosed. However, Dentsu employs more than 2,500 people across the United Kingdom and has operated in the country for decades, suggesting that tens of thousands of former employees could also be impacted.
Sensitive Employee Information at Risk
According to Dentsu’s preliminary findings, the stolen files included multiple categories of personally identifiable and financial data. The information likely exposed in the breach includes:
- Payroll and salary details
- National Insurance numbers
- Employee names and personal contact information
- Employment history and departmental records
While the company has not publicly confirmed whether banking details or tax data were affected, the sensitivity of payroll and identity-related information raises the risk of targeted phishing, identity theft, and financial fraud.
Cybersecurity experts warn that attackers could weaponize salary information to specifically target higher-earning employees through spear-phishing or executive fraud campaigns.
Potential Long-Term Impact on Employees
The breach at Merkle underscores the increasing risks within marketing and data-driven industries, where large-scale analytics and personal data management are core to operations. Dentsu’s UK workforce — spread across creative, digital, and media divisions — may face prolonged exposure to cyberthreats if stolen data circulates on criminal marketplaces.
The company stated that it is “working closely with external cybersecurity specialists and relevant authorities” to contain the incident, secure its systems, and notify affected individuals. Employee notifications are expected to include details on recommended monitoring measures and protective steps against fraud.
“Malicious actors could use the compromised details for identity theft or phishing campaigns. Salary data, in particular, can be leveraged to target high-value individuals,” a security researcher familiar with the case noted.
The breach adds to the growing list of cyberattacks targeting professional service firms where human resource data, payroll systems, and analytics infrastructure overlap.
