[Global] Dentsu warns staff after cyberattack on Merkle subsidiary

The global marketing firm Dentsu is contacting current and former staff following a cyberattack on a subsidiary which led to the theft of payroll, banking and other sensitive data, MSN reports.

The email that affected individuals are receiving was seen and reported on by The Register. 

It reportedly confirmed that an attack had targeted Merkle, Dentsu's US-based data-driven media marketing and customer experience business.

The Japanese advertising giant employs 16,000+ employees across more than 80 locations worldwide, and operates in markets including EMEA, the Americas, and APAC.

In an email sent to former UK staff, Dentsu wrote, "We detected unusual activity on servers in Merkle's network. We immediately implemented our incident response protocols, took steps to contain the activity, and launched an investigation. 

"A cybersecurity firm that has worked with other companies to address similar situations was engaged to assist. 

"Law enforcement was notified, and we notified the Information Commissioner's Office (ICO) and National Cyber Security Centre (NCSC)."

Dentsu's public-facing statement offered less detail, but reportedly added that among the steps taken to contain the attack was a shutdown of "certain systems". Such language is typically used when cleaning up ransomware attacks.

When The Register asked for clarity, the company did not acknowledge that ransomware was involved, and no group has yet claimed responsibility. 

The publication also requested details from Dentsu about the number of people affected and the regions involved, as well as the date of the attack, but the company declined to comment beyond its original statements.

Dentsu is a large corporation. Its website states that it employs around 68,000 people globally and operates in around 120 countries. Based in Japan, the Dentsu Group has 140 companies there alone, and 580 further entities overseas. Its most recent financial reporting detailed global revenue of $9.2 billion.

In addition to confirming the attack, the company's email also revealed that data was stolen from Merkle's systems.

"A review of those files determined that they contained your name and other information. Our investigation is ongoing. However, at present, we anticipate that the files include bank and payroll details, salary, National Insurance number, and personal contact details.

"We wanted to notify you of this incident and to assure you we take this very seriously," the email continued. "Merkle has taken measures to prevent the public disclosure of the data.

"In addition, we are offering you a complimentary membership to a dark-web monitoring service through Experian."

Affected current and former employees were reportedly warned that their stolen data could be used to phish or socially engineer them to gain access to their financial accounts or commit identity fraud. It urged them to use extra caution when handling correspondence claiming to be from their banks or similar. 

Source: MSN

(Quotes via original reporting)

The global marketing firm Dentsu is contacting current and former staff following a cyberattack on a subsidiary which led to the theft of payroll, banking and other sensitive data, MSN reports.

The email that affected individuals are receiving was seen and reported on by The Register. 

It reportedly confirmed that an attack had targeted Merkle, Dentsu's US-based data-driven media marketing and customer experience business.

The Japanese advertising giant employs 16,000+ employees across more than 80 locations worldwide, and operates in markets including EMEA, the Americas, and APAC.

In an email sent to former UK staff, Dentsu wrote, "We detected unusual activity on servers in Merkle's network. We immediately implemented our incident response protocols, took steps to contain the activity, and launched an investigation. 

"A cybersecurity firm that has worked with other companies to address similar situations was engaged to assist. 

"Law enforcement was notified, and we notified the Information Commissioner's Office (ICO) and National Cyber Security Centre (NCSC)."

Dentsu's public-facing statement offered less detail, but reportedly added that among the steps taken to contain the attack was a shutdown of "certain systems". Such language is typically used when cleaning up ransomware attacks.

When The Register asked for clarity, the company did not acknowledge that ransomware was involved, and no group has yet claimed responsibility. 

The publication also requested details from Dentsu about the number of people affected and the regions involved, as well as the date of the attack, but the company declined to comment beyond its original statements.

Dentsu is a large corporation. Its website states that it employs around 68,000 people globally and operates in around 120 countries. Based in Japan, the Dentsu Group has 140 companies there alone, and 580 further entities overseas. Its most recent financial reporting detailed global revenue of $9.2 billion.

In addition to confirming the attack, the company's email also revealed that data was stolen from Merkle's systems.

"A review of those files determined that they contained your name and other information. Our investigation is ongoing. However, at present, we anticipate that the files include bank and payroll details, salary, National Insurance number, and personal contact details.

"We wanted to notify you of this incident and to assure you we take this very seriously," the email continued. "Merkle has taken measures to prevent the public disclosure of the data.

"In addition, we are offering you a complimentary membership to a dark-web monitoring service through Experian."

Affected current and former employees were reportedly warned that their stolen data could be used to phish or socially engineer them to gain access to their financial accounts or commit identity fraud. It urged them to use extra caution when handling correspondence claiming to be from their banks or similar. 

Source: MSN

(Quotes via original reporting)