Japan-based Dentsu, one of the world’s largest advertising and PR companies, has disclosed a data breach impacting systems of its subsidiary Merkle.
With headquarters in the US and UK, Merkle is a customer experience management company that has more than 16,000 employees and over 80 locations worldwide.
According to a statement issued on Tuesday by Dentsu, the breach was discovered after abnormal activity was detected on the Merkle network. Some systems have been shut down in response to the incident.
Dentsu has admitted that the hackers have taken certain files from the Merkle network, including ones containing information related to some suppliers, clients, and current and former employees.
In a separate statement on its UK website, which is addressed to current and former employees of its UK operations, Dentsu said the compromised files are believed to include sensitive information such as personal contact details, salary, bank and payroll data, and National Insurance number.
Impacted individuals are being notified and offered free dark web monitoring services.
Dentsu pointed out that its systems in Japan are not affected. Some financial impact is expected, but its full extent will be determined later.
It’s unclear whether the company has been targeted in a ransomware attack. No known cybercrime group has taken credit for an attack on Merkle or Dentsu at the time of writing.
However, Dentsu noted that it’s not aware of any public disclosure of the stolen files. It also said that it “has taken measures to prevent the public disclosure of the data”, which could be interpreted as the company paying a ransom to prevent data leakage.
SecurityWeek has reached out to Dentsu for clarifications and will update this article if the company responds.
UPDATE: Dentsu has sent the following statement to SecurityWeek, but it did not provide any clarifications on whether a ransom has been paid.
We identified unusual activity on a portion of Merkle’s network. Upon discovery, we immediately took action to respond by initiating our incident response protocols, taking some of our systems offline, out of precaution, and taking other steps to contain the activity. Third-party cyber incident response firms who have helped other companies in similar situations were engaged to assist, and law enforcement has been notified. We have brought systems back online and we are fully operational.
The investigation identified that certain files were taken from Merkle’s network. A review of those files determined that they contained information relating to some clients, suppliers, and current and former employees. Although our investigation remains ongoing, we have begun the notification process in accordance with applicable law.
Related: Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack
Related: Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums
