Japanese advertising giant Dentsu has confirmed that its U.S.-based subsidiary Merkle, which specializes in digital marketing and customer experience, was the target of a major cyberattack that exposed sensitive data belonging to both employees and clients.
The incident forced the company to disconnect several systems to contain the damage, while external cybersecurity experts investigate the breach. Although the systems have been restored, the impact may extend beyond Merkle’s infrastructure.
What Happened and How the Attack Was Detected
The attack was uncovered when Dentsu’s security teams identified unusual activity on Merkle’s network, a core pillar of Dentsu’s international operations.
In an official statement, the company explained:
“We detected unusual activity on part of Merkle’s network. We immediately activated our incident response protocols, shut down systems as a precaution, and took steps to minimize impact. Systems have been restored and the investigation is ongoing.”
These actions are part of an emergency protocol aimed at isolating compromised systems to prevent further spread. Dentsu reported that authorities in several countries have been notified and that the investigation is being conducted with the support of an external cybersecurity firm.
What Information Was Exposed?
After several days of forensic analysis, Dentsu confirmed that attackers were able to steal internal Merkle files containing data about employees, clients, and vendors.
The company detailed that the compromised files included:
- Personal and contact information of current and former employees
- Payroll and banking details
- Salaries and National Insurance numbers
- Client and business partner information
In its statement, Dentsu added that affected individuals are being notified individually and will be offered free Dark Web monitoring—an increasingly common practice to detect impersonation or sale of stolen data.
Who Is Behind the Attack?
As of now, no ransomware group has claimed responsibility, raising the possibility that the incident may have been a silent data theft without direct extortion.
However, the nature of the attack and the type of data stolen suggest a coordinated operation likely carried out by an experienced corporate infiltration group.
The fact that Merkle’s systems were restored relatively quickly suggests that the attackers did not encrypt the data but rather extracted it without disrupting business operations—a tactic increasingly seen in corporate cyberespionage.
Why Merkle Is a High-Value Target
Merkle, Inc., headquartered in the United States, is a leading agency in digital marketing and customer experience management (CXM). With over 16,000 employees worldwide and an estimated annual revenue of $1.5 billion, its business relies on data, analytics, and technology to personalize campaigns and enhance brand-customer relationships.
This reliance on data makes Merkle an attractive target. Marketing firms store vast volumes of personal data, behavioral insights, and financial profiles—making them prime candidates for data theft.
It’s not just about gaining access to confidential information; cybercriminals know that reputational damage can be devastating for a company that depends on trust.
Dentsu’s Response to the Breach
Dentsu stated that the group’s core systems, especially those located in Japan, were not affected. However, it admitted that the financial impact of the incident is not yet known.
With more than 67,000 employees worldwide, Dentsu reported revenues of ¥1.41 trillion (about €10.2 billion) in 2024. Its current priority is to restore trust among affected clients and employees by strengthening security protocols.
Another Blow in the Corporate Cyberattack Surge
The Merkle incident is not isolated. In 2025, global corporations have seen a record surge in cyberattacks targeting their value chains.
At TecnetOne, our analysis shows that cybercriminals are shifting strategies: they no longer just seek money but also strategic data for extortion or sale. The most affected sectors are:
- Marketing and advertising (for their access to massive data)
- Healthcare and finance (for the sensitivity of the information)
- Technology and business services (for their critical infrastructure)
The trend also highlights that companies with multiple subsidiaries or a global presence are more vulnerable, as their systems often span countries with varying security standards.
How Companies Can Protect Themselves
At TecnetOne, we recommend a comprehensive cyber resilience strategy based on three pillars:
- Full visibility of your environment: Know what assets you have, where they are, and who has access. Most breaches happen in blind spots.
- Continuous vulnerability and patch management: Cybercriminals often exploit known flaws. Automating patching and frequent audits can reduce risk by up to 80%.
- Employee training: Social engineering remains the most common entry point. Training teams to detect phishing and adopt best practices is crucial.
Additionally, companies should implement encrypted backups, Dark Web monitoring, and well-tested incident response plans through drills.
Lessons from the Merkle Breach
This attack reinforces a well-known truth: no company, however large or sophisticated, is entirely safe.
Being attacked is not the failure; failing to detect the attack, or to report it transparently and promptly, is. Dentsu acted quickly to isolate systems and alert authorities, but the case highlights the need for investment in prevention rather than crisis response.
It also underscores the importance of monitoring not just your own systems but those of your partners and vendors. A weak link can compromise the entire chain.
Conclusion: A Wake-Up Call for All Organizations
The cyberattack on Merkle is a powerful reminder that cybersecurity can’t be an afterthought. Companies handling personal data must ensure not only regulatory compliance but also the trust of their clients.
At TecnetOne, we believe incidents like this are an opportunity to reassess and strengthen digital defenses.
The best strategy is not to react to the breach but to prevent it—building a corporate culture that integrates security at every level, from infrastructure to human factors.
Because a company’s reputation is worth as much as the safety of its data.

