ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

dentsu Company CyberSecurity Posture

dentsu.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

We are dentsu. We team together to help brands predict and plan for disruptive future opportunities and create new paths to growth in the sustainable economy. We know people better than anyone else and we use those insights to connect brand, content, commerce and experience, underpinned by modern creativity. We are the network designed for what’s next.

dentsu A.I CyberSecurity Scoring

dentsu

Company Details

Linkedin ID:

dentsu

Website:

https://bit.ly/3lDa6Ff

Employees number:

17,547

Number of followers:

1,639,223

NAICS:

541613

Industry Type:

Advertising Services

Homepage:

dentsu.com

IP Addresses:

159

Company ID:

DEN_1102532

Scan Status:

Completed

AI scoredentsu Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/dentsu.jpeg
dentsu Advertising Services
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoredentsu Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/dentsu.jpeg
dentsu Advertising Services
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

dentsu Company CyberSecurity News & History

Past Incidents
2
Attack Types
1
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Dentsu (via Merkle’s network)Breach85310/2025
DEN1492114110225
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: Dentsu, a global advertising and media network, suffered a security breach within its subsidiary **Merkle’s network**, resulting in the theft of sensitive files. The compromised data included **personal and financial details** of **current and former employees**, as well as **some clients and suppliers**. Exposed information comprised **names, bank/payroll details, salaries, National Insurance numbers, and personal contact details**.The company detected **unusual network activity**, triggering an immediate response: systems were taken offline, incident response protocols were activated, and third-party cybersecurity firms alongside law enforcement were engaged. While Dentsu restored operations, the investigation remains ongoing. Affected individuals were notified and offered **credit/dark-web monitoring services** via Experian Identity Plus to mitigate risks like identity theft or financial fraud.The breach coincides with Dentsu’s strategic review, including potential divestments of its international creative and media divisions, raising concerns about operational stability. The incident underscores vulnerabilities in handling **highly sensitive employee and client data**, with potential long-term reputational and financial repercussions.

DentsuBreach8535/2025
DEN0962609112125
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: Dentsu, a global advertising and marketing agency, suffered a significant data breach affecting its CX agency, Merkle. The incident involved unauthorized access to files containing sensitive personal and financial data of **current and former employees**, including bank/payroll details, salaries, National Insurance numbers, and contact information. The breach also extended to **LNER (London North Eastern Railway) customer data**, exposing contact details and journey histories, though no payment or password data was compromised. The breach triggered a complaint to the UK’s **Information Commissioner’s Office (ICO)**, with affected ex-employees forming legal groups (one WhatsApp group exceeding 150 members) to pursue collective action. Dentsu acknowledged the leak exceeded legal reporting thresholds and offered affected individuals a year of **Experian Identity Plus** for monitoring. However, frustration persists over delayed notifications, unclear specifics of leaked data, and Dentsu’s retention of records beyond standard HMRC timelines (some ex-employees left over a decade ago). The ICO may impose fines (up to **£8.7M or 2% of global turnover**) if negligence is proven, separate from potential compensation claims.

Dentsu (via Merkle’s network)
Breach
Severity: 85
Impact: 3
Seen: 10/2025
Blog:
DEN1492114110225
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Dentsu, a global advertising and media network, suffered a security breach within its subsidiary **Merkle’s network**, resulting in the theft of sensitive files. The compromised data included **personal and financial details** of **current and former employees**, as well as **some clients and suppliers**. Exposed information comprised **names, bank/payroll details, salaries, National Insurance numbers, and personal contact details**.The company detected **unusual network activity**, triggering an immediate response: systems were taken offline, incident response protocols were activated, and third-party cybersecurity firms alongside law enforcement were engaged. While Dentsu restored operations, the investigation remains ongoing. Affected individuals were notified and offered **credit/dark-web monitoring services** via Experian Identity Plus to mitigate risks like identity theft or financial fraud.The breach coincides with Dentsu’s strategic review, including potential divestments of its international creative and media divisions, raising concerns about operational stability. The incident underscores vulnerabilities in handling **highly sensitive employee and client data**, with potential long-term reputational and financial repercussions.

Dentsu
Breach
Severity: 85
Impact: 3
Seen: 5/2025
Blog:
DEN0962609112125
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Dentsu, a global advertising and marketing agency, suffered a significant data breach affecting its CX agency, Merkle. The incident involved unauthorized access to files containing sensitive personal and financial data of **current and former employees**, including bank/payroll details, salaries, National Insurance numbers, and contact information. The breach also extended to **LNER (London North Eastern Railway) customer data**, exposing contact details and journey histories, though no payment or password data was compromised. The breach triggered a complaint to the UK’s **Information Commissioner’s Office (ICO)**, with affected ex-employees forming legal groups (one WhatsApp group exceeding 150 members) to pursue collective action. Dentsu acknowledged the leak exceeded legal reporting thresholds and offered affected individuals a year of **Experian Identity Plus** for monitoring. However, frustration persists over delayed notifications, unclear specifics of leaked data, and Dentsu’s retention of records beyond standard HMRC timelines (some ex-employees left over a decade ago). The ICO may impose fines (up to **£8.7M or 2% of global turnover**) if negligence is proven, separate from potential compensation claims.

Ailogo

dentsu Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for dentsu

Incidents vs Advertising Services Industry Average (This Year)

dentsu has 119.78% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

dentsu has 159.74% more incidents than the average of all companies with at least one recorded incident.

Incident Types dentsu vs Advertising Services Industry Avg (This Year)

dentsu reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.

Incident History — dentsu (X = Date, Y = Severity)

dentsu cyber incidents detection timeline including parent company and subsidiaries

dentsu Company Subsidiaries

SubsidiaryImage

We are dentsu. We team together to help brands predict and plan for disruptive future opportunities and create new paths to growth in the sustainable economy. We know people better than anyone else and we use those insights to connect brand, content, commerce and experience, underpinned by modern creativity. We are the network designed for what’s next.

similarCompanies

dentsu Similar Companies

Interpublic Group (IPG)
interpublic.com

Interpublic (NYSE: IPG) is a values-based, data-fueled, and creatively-driven provider of marketing solutions. Home to some of the world’s best-known and most innovative communications specialists, IPG global brands include Acxiom, Craft, FCB, FutureBrand, Golin, Initiative, IPG Health, IPG Mediabra

Security Report Compare
IPG Mediabrands
ipgmediabrands.com

IPG Mediabrands is the media and marketing solutions division of Interpublic Group (NYSE: IPG). IPG Mediabrands manages over $47 billion in marketing investment globally on behalf of its clients across its full-service agency networks UM, Initiative and Mediahub and through its award-winning special

Security Report Compare

Clinic is an independent creative agency. We create bold ideas, and craft them beautifully, to get people thinking, believing and doing. All of our experience goes into what we do today, and although our world’s constantly changing, the endpoint is still people and their experience, no matter

Security Report Compare
Ogilvy
ogilvy.com

Ogilvy has been creating impact for brands through iconic, culture-changing, value-driving ideas since the company was founded by David Ogilvy 75 years ago. We build on that rich legacy through Borderless Creativity – innovating at the intersections of its advertising, public relations, relationship

Security Report Compare

VML is a global powerhouse born from the unification of Wunderman Thompson and VMLY&R — two of the world's most powerful and accomplished creative agencies with complementary capabilities and geographic strengths. We have an industry-unique opportunity to provide our client partners with a fully int

Security Report Compare
Publicis Groupe
publicisgroupe.com

Founded in 1926 by Marcel Bleustein-Blanchet, today Publicis Groupe is the largest communications group in the world and a leader in marketing, communication, and digital business transformation, led by Arthur Sadoun, the third CEO in its history. Publicis Groupe is positioned at every step of the

Security Report Compare

Quad (NYSE: QUAD) is a global marketing experience company that helps brands make direct consumer connections, from household to in-store to online. Supported by state-of-the-art technology and data-driven intelligence, Quad uses its suite of media, creative and production solutions to streamline th

Security Report Compare
Clear Channel Europe
clearchanneleurope.com

Clear Channel Europe is a division of leading global Out of Home media company, Clear Channel Outdoor Holdings, Inc. (NYSE: CCO). The Clear Channel Europe portfolio spans 14 markets with 260,000 advertising panels. Clear Channel Europe has 2,600 dedicated employees. Our Mission is To Create the fu

Security Report Compare
Havas
havas.com

TO MAKE A MEANINGFUL DIFFERENCE TO BRANDS, TO BUSINESSES AND TO PEOPLE Founded in 1835 in Paris, Havas is one of the world’s largest global communications networks, with more than 23,000 people in over 100 markets sharing one single mission: to make a meaningful difference to brands, businesses, a

Security Report Compare
newsone

dentsu CyberSecurity News

November 26, 2025 08:39 AM
Dentsu’s UK data breach sparks employee-led legal push

At least one WhatsApp group now counts more than 150 ex‑employees discussing collective legal options, and a “Join the Claim” portal has...

Read Article
November 24, 2025 06:24 AM
‘Adland is not prepared for cyber attacks’ warns former agency chief

Dentsu is the latest large organisation to face a major cyber attack, following Jaguar Land Rover, M&S and the Co-op.

Read Article
November 22, 2025 07:03 AM
Dentsu Confirms Major Data Breach At Merkle, Exposing Sensitive Employee Information

Dentsu has confirmed a cybersecurity incident affecting its data-driven marketing arm Merkle, after detecting suspicious activity within the...

Read Article
November 21, 2025 06:33 AM
More than 150 ex-Dentsu employees plan legal action for data breach

Former Dentsu staff say they were never contacted after the breach and are unsure what personal information was leaked or why it was still...

Read Article
November 20, 2025 08:00 AM
Dentsu’s Merkle suffers data breach, sensitive information stolen

Dentsu confirms a data breach at Merkle's UK operations, with sensitive employee and limited client information stolen after suspicious...

Read Article
November 11, 2025 08:00 AM
Dentsu leak compromised LNER customer data

Dentsu's data breach has compromised LNER'S customer data. Campaign reported in late October that former, current and “some clients” at...

Read Article
November 07, 2025 08:00 AM
Bank, payroll and National Insurance details stolen in Dentsu security incident

Dentsu says personal information from current and former employees has been taken during a cyber incident at its Merkle division.

Read Article
October 31, 2025 07:00 AM
Cybersecurity News: LinkedIn AI opt-out, NSA leadership candidates, Python foundation withdraws

Monday deadline of LinkedIn users to opt out of AI training, New names for NSA leadership, Python rejects grant, citing DEI restrictions.

Read Article
October 30, 2025 07:00 AM
Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

Dentsu said its U.S. unit Merkle was hit by a cyberattack exposing staff and client data, forcing some systems offline.

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

dentsu CyberSecurity History Information

Official Website of dentsu

The official website of dentsu is https://bit.ly/3lDa6Ff.

dentsu’s AI-Generated Cybersecurity Score

According to Rankiteo, dentsu’s AI-generated cybersecurity score is 665, reflecting their Weak security posture.

How many security badges does dentsu’ have ?

According to Rankiteo, dentsu currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does dentsu have SOC 2 Type 1 certification ?

According to Rankiteo, dentsu is not certified under SOC 2 Type 1.

Does dentsu have SOC 2 Type 2 certification ?

According to Rankiteo, dentsu does not hold a SOC 2 Type 2 certification.

Does dentsu comply with GDPR ?

According to Rankiteo, dentsu is not listed as GDPR compliant.

Does dentsu have PCI DSS certification ?

According to Rankiteo, dentsu does not currently maintain PCI DSS compliance.

Does dentsu comply with HIPAA ?

According to Rankiteo, dentsu is not compliant with HIPAA regulations.

Does dentsu have ISO 27001 certification ?

According to Rankiteo,dentsu is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of dentsu

dentsu operates primarily in the Advertising Services industry.

Number of Employees at dentsu

dentsu employs approximately 17,547 people worldwide.

Subsidiaries Owned by dentsu

dentsu presently has no subsidiaries across any sectors.

dentsu’s LinkedIn Followers

dentsu’s official LinkedIn profile has approximately 1,639,223 followers.

NAICS Classification of dentsu

dentsu is classified under the NAICS code 541613, which corresponds to Marketing Consulting Services.

dentsu’s Presence on Crunchbase

No, dentsu does not have a profile on Crunchbase.

dentsu’s Presence on LinkedIn

Yes, dentsu maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dentsu.

Cybersecurity Incidents Involving dentsu

As of December 11, 2025, Rankiteo reports that dentsu has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

dentsu has an estimated 32,582 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at dentsu ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does dentsu detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with cybersecurity firm (unnamed), third party assistance with experian identity plus (for monitoring services), and and containment measures with systems taken offline, containment measures with incident response protocols initiated, and recovery measures with systems brought back online, and communication strategy with internal email to employees, communication strategy with public statement, communication strategy with notification process for affected parties, and and third party assistance with cybersecurity firm (unnamed), and and remediation measures with offered experian identity plus (1-year subscription for credit/dark-web monitoring), and communication strategy with initial notification to affected individuals (27 oct 2023), communication strategy with encouraged monitoring of financial statements, communication strategy with no further updates provided, and enhanced monitoring with fraud monitoring recommended for affected individuals..

Incident Details

Can you provide details on each incident ?

Incident : data breach

measurementExposure impactImpact

Title: Data Breach at Dentsu's Merkle Network Affecting Employees, Clients, and Suppliers

Description: Former and current staff at Dentsu and some clients had their information taken following a security incident within Merkle’s network. Files containing names, bank and payroll details, salary, National Insurance numbers, and personal contact details were exfiltrated. Dentsu has engaged third-party cybersecurity firms, notified law enforcement, and offered affected individuals credit and dark-web monitoring services via Experian Identity Plus. The investigation remains ongoing, but notifications have begun in compliance with applicable laws.

Type: data breach

Incident : Data Breach

measurementExposure impactImpact

Title: Dentsu Data Breach Affecting Former Employees and LNER Customers

Description: Dentsu reported a data breach where files containing personal and financial details of former employees (including bank/payroll details, salary, National Insurance numbers, and contact details) were exfiltrated from Merkle’s network. The breach also impacted LNER customer data, including contact details and journey information. The ICO is investigating, and affected individuals are considering legal action. Dentsu offered credit monitoring services and notified law enforcement.

Date Publicly Disclosed: 2023-10-27

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : data breach DEN1492114110225

Data Compromised: Names, Bank details, Payroll details, Salary information, National insurance numbers, Personal contact details

Systems Affected: portion of Merkle’s network

Downtime: temporary (some systems taken offline as precaution)

Operational Impact: minimal (fully operational after containment)

Brand Reputation Impact: potential (ongoing investigation amid speculation about Dentsu's future)

Identity Theft Risk: high (bank, payroll, and PII exposed)

Payment Information Risk: high (bank details compromised)

Incident : Data Breach DEN0962609112125

Data Compromised: Bank/payroll details, Salary information, National insurance numbers, Personal contact details, Lner customer contact details, Lner journey information

Systems Affected: Merkle’s (Dentsu’s CX agency) network

Customer Complaints: ['Collective legal action being considered by former employees', 'Frustration over lack of follow-up communication', 'Complaints about prolonged data retention (10+ years)']

Brand Reputation Impact: Potential reputational damage due to legal action and regulatory scrutinyNegative media coverage

Legal Liabilities: Potential ICO fines (up to £8.7M or 2% of global turnover)Group action claims by former employeesViolation of UK GDPR and Data Protection Act 2018 (excessive data retention)

Identity Theft Risk: ['High (due to exposure of National Insurance numbers, bank details, and personal contact information)']

Payment Information Risk: ['Exposed for former employees (bank/payroll details)', 'Not affected for LNER customers']

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Identifiable Information (Pii), Financial Data, Employment Records, , Personal Identifiable Information (Pii), Financial Data, Employment Records, Customer Contact Details, Journey Information and .

Which entities were affected by each incident ?

Incident : data breach DEN1492114110225

Entity Name: Dentsu (via Merkle network)

Entity Type: advertising and marketing agency

Industry: media and communications

Customers Affected: some clients, suppliers, and current/former employees

Incident : Data Breach DEN0962609112125

Entity Name: Dentsu (including Merkle CX agency)

Entity Type: Advertising/Media Conglomerate

Industry: Marketing & Advertising

Location: United KingdomJapan (HQ)

Customers Affected: Current/former employees (150+ in one WhatsApp group), Clients, Suppliers

Incident : Data Breach DEN0962609112125

Entity Name: London North Eastern Railway (LNER)

Entity Type: Train Operator

Industry: Transportation

Location: United Kingdom

Customers Affected: Unknown (contact details and journey information exposed)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : data breach DEN1492114110225

Incident Response Plan Activated: True

Third Party Assistance: Cybersecurity Firm (Unnamed), Experian Identity Plus (For Monitoring Services).

Containment Measures: systems taken offlineincident response protocols initiated

Recovery Measures: systems brought back online

Communication Strategy: internal email to employeespublic statementnotification process for affected parties

Incident : Data Breach DEN0962609112125

Incident Response Plan Activated: True

Third Party Assistance: Cybersecurity Firm (Unnamed).

Remediation Measures: Offered Experian Identity Plus (1-year subscription for credit/dark-web monitoring)

Communication Strategy: Initial notification to affected individuals (27 Oct 2023)Encouraged monitoring of financial statementsNo further updates provided

Enhanced Monitoring: Fraud monitoring recommended for affected individuals

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through cybersecurity firm (unnamed), Experian Identity Plus (for monitoring services), , Cybersecurity firm (unnamed), .

Data Breach Information

What type of data was compromised in each breach ?

Incident : data breach DEN1492114110225

Type of Data Compromised: Personal identifiable information (pii), Financial data, Employment records

Sensitivity of Data: high (includes bank details, National Insurance numbers, and salary information)

Personally Identifiable Information: namesNational Insurance numberspersonal contact details

Incident : Data Breach DEN0962609112125

Type of Data Compromised: Personal identifiable information (pii), Financial data, Employment records, Customer contact details, Journey information

Sensitivity of Data: High (includes National Insurance numbers, bank details, salaries)

Personally Identifiable Information: NamesNational Insurance numbersBank/payroll detailsSalariesPersonal contact details (email/phone/address)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offered Experian Identity Plus (1-year subscription for credit/dark-web monitoring), .

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by systems taken offline, incident response protocols initiated and .

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : data breach DEN1492114110225

Data Exfiltration: True

Incident : Data Breach DEN0962609112125

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through systems brought back online, .

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : data breach DEN1492114110225

Regulatory Notifications: ongoing (notifications begun in accordance with applicable law)

Incident : Data Breach DEN0962609112125

Regulations Violated: UK GDPR, Data Protection Act 2018 (excessive data retention beyond 7 years),

Legal Actions: ICO investigation ongoing, Potential group action claims by former employees,

Regulatory Notifications: Reported to ICO (scale exceeded legal threshold)Law enforcement notified

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through ICO investigation ongoing, Potential group action claims by former employees, .

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : data breach DEN1492114110225

Recommendations: monitor financial statements, use credit/dark-web monitoring services (e.g., Experian Identity Plus)monitor financial statements, use credit/dark-web monitoring services (e.g., Experian Identity Plus)

Incident : Data Breach DEN0962609112125

Recommendations: Improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records), Enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual), Proactively engage with affected parties to mitigate legal risks, Review third-party supplier security (LNER breach linked to Dentsu’s systems)Improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records), Enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual), Proactively engage with affected parties to mitigate legal risks, Review third-party supplier security (LNER breach linked to Dentsu’s systems)Improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records), Enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual), Proactively engage with affected parties to mitigate legal risks, Review third-party supplier security (LNER breach linked to Dentsu’s systems)Improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records), Enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual), Proactively engage with affected parties to mitigate legal risks, Review third-party supplier security (LNER breach linked to Dentsu’s systems)

References

Where can I find more information about each incident ?

Incident : data breach DEN1492114110225

Source: Campaign (marketing industry publication)

Incident : Data Breach DEN0962609112125

Source: Campaign UK

Incident : Data Breach DEN0962609112125

Source: Information Commissioner’s Office (ICO) Statement

Incident : Data Breach DEN0962609112125

Source: Withers Law Firm (Jo Sanders, Data/Information Disputes Partner)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Campaign (marketing industry publication), and Source: Campaign UK, and Source: Information Commissioner’s Office (ICO) Statement, and Source: Withers Law Firm (Jo Sanders, Data/Information Disputes Partner).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : data breach DEN1492114110225

Investigation Status: ongoing

Incident : Data Breach DEN0962609112125

Investigation Status: Ongoing (ICO inquiry and internal investigation with cybersecurity firm)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Internal Email To Employees, Public Statement, Notification Process For Affected Parties, Initial Notification To Affected Individuals (27 Oct 2023), Encouraged Monitoring Of Financial Statements and No Further Updates Provided.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach DEN1492114110225

Stakeholder Advisories: Internal Email To Employees, Public Statement.

Customer Advisories: encouraged to monitor financial statementsoffered Experian Identity Plus subscription

Incident : Data Breach DEN0962609112125

Customer Advisories: Dentsu: Monitor financial statements; offered Experian Identity Plus.LNER: No bank/payment card/password data affected; investigation underway.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Internal Email To Employees, Public Statement, Encouraged To Monitor Financial Statements, Offered Experian Identity Plus Subscription, , Dentsu: Monitor Financial Statements; Offered Experian Identity Plus., Lner: No Bank/Payment Card/Password Data Affected; Investigation Underway. and .

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : data breach DEN1492114110225

High Value Targets: Employee Data, Client/Supplier Data,

Data Sold on Dark Web: Employee Data, Client/Supplier Data,

Incident : Data Breach DEN0962609112125

High Value Targets: Employee Pii/Financial Data, Client/Supplier Data,

Data Sold on Dark Web: Employee Pii/Financial Data, Client/Supplier Data,

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach DEN0962609112125

Root Causes: Inadequate Data Retention Policies (Retained Data For 10+ Years Beyond Legal Limits), Potential Third-Party Security Vulnerabilities (Merkle’S Network),

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cybersecurity Firm (Unnamed), Experian Identity Plus (For Monitoring Services), , Cybersecurity Firm (Unnamed), , Fraud Monitoring Recommended For Affected Individuals, .

Additional Questions

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-27.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, bank details, payroll details, salary information, National Insurance numbers, personal contact details, , Bank/payroll details, Salary information, National Insurance numbers, Personal contact details, LNER customer contact details, LNER journey information and .

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was portion of Merkle’s network and Merkle’s (Dentsu’s CX agency) network.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cybersecurity firm (unnamed), experian identity plus (for monitoring services), , cybersecurity firm (unnamed), .

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was systems taken offlineincident response protocols initiated.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were payroll details, names, Salary information, Bank/payroll details, LNER journey information, bank details, salary information, National Insurance numbers, Personal contact details, personal contact details and LNER customer contact details.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was ICO investigation ongoing, Potential group action claims by former employees, .

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was monitor financial statements, Improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records), use credit/dark-web monitoring services (e.g., Experian Identity Plus), Review third-party supplier security (LNER breach linked to Dentsu’s systems), Enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual) and Proactively engage with affected parties to mitigate legal risks.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Withers Law Firm (Jo Sanders, Data/Information Disputes Partner), Campaign (marketing industry publication), Campaign UK and Information Commissioner’s Office (ICO) Statement.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was internal email to employees, public statement, .

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued were an encouraged to monitor financial statementsoffered Experian Identity Plus subscription and Dentsu: Monitor financial statements; offered Experian Identity Plus.LNER: No bank/payment card/password data affected; investigation underway.

cve

Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
References
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
References
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
References
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dentsu' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge