Japanese advertising firm Dentsu said its U.S. subsidiary Merkle experienced a cybersecurity incident that exposed staff and client data, and that some systems were taken offline as part of its response; the company made the disclosure in an announcement.
Dentsu said it detected abnormal activity on part of Merkle’s network, initiated incident response procedures and proactively shut down certain systems to minimize impact, according to the company announcement.
An internal memo circulated to staff, reported by DecisionMarketing, said employees’ bank and payroll details, salary information, National Insurance numbers and personal contact details were exposed.
A Dentsu spokesperson confirmed that data was stolen during the attack and that impacted individuals are being notified, and said a review showed files relating to some clients, suppliers and current and former employees were taken from Merkle’s network.
Merkle operates as a customer experience and data-driven marketing agency across North America, EMEA and APAC, employs about 16,000 people and has annual revenue of $2 billion; its clients include Nestle, American Express, Intel, Microsoft, P&G, Cox, 7-Eleven, Burger King, Subway, J.P. Morgan, Diageo, Heineken, Hilton and Sanofi.
Dentsu said it has reported the incident to relevant authorities where required, engaged third-party incident response services, and that Japan-based network systems were not impacted, though it expects the incident to have some financial impact; the company said it is still determining the scale and full impact, and no ransomware group has claimed responsibility at this time.