Global marketing giant Dentsu is writing to current and former staff after a cyberattack on a subsidiary led to bank, payroll, and other sensitive data being stolen.
The email being sent to affected individuals, seen by The Register, confirmed the attack targeted Merkle, Dentsu’s US-based data-driven media marketing and customer experience business.
Merkle has more than 16,000 employees working across more than 80 locations worldwide, and operates in markets including EMEA, the Americas, and APAC.
In the email sent to former UK staff, Dentsu stated: “We detected unusual activity on servers in Merkle’s network. We immediately implemented our incident response protocols, took steps to contain the activity, and launched an investigation.
“A cybersecurity firm that has worked with other companies to address similar situations was engaged to assist.
“Law enforcement was notified, and we notified the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC).”
The Japanese company’s public-facing statement was far less detailed, but added that among the steps taken to contain the attack was a shutdown of “certain systems” – language typically used when cleaning up ransomware attacks.
Although the company did not say ransomware was involved, and no group has yet claimed responsibility, we asked it for clarity on that front.
The Register also asked Dentsu for details about how many people were affected and in what regions, and when the attack took place, but the company declined to comment beyond its original statements.
Dentsu is a large corporation. According to its website, it employs around 68,000 people globally and operates in around 120 countries.
The Japan-based Dentsu Group consists of 140 different companies in Japan alone, and 580 more overseas. Its most recent annual financials reported global revenue of $9.2 billion.
As well as confirming the attack, the company’s email also revealed that data was stolen from Merkle’s systems.
“A review of those files determined that they contained your name and other information. Our investigation is ongoing. However, at present we anticipate that the files include bank and payroll details, salary, National Insurance number, and personal contact details.”
Data breaches affect people differently depending on what information was collected. Since the attack affected staff, payroll and National Insurance details may have been exposed.
“We wanted to notify you of this incident and to assure you we take this very seriously,” the email added. “Merkle has taken measures to prevent the public disclosure of the data.
“In addition, we are offering you a complimentary membership to a dark-web monitoring service through Experian.”
Affected individuals were warned that their stolen data could be used to phish or socially engineer them to access their financial accounts or to commit identity fraud, so they should be extra cautious when handling correspondence claiming to be from their banks or similar. ®