Dentsu says personal information from current and former employees has been taken during a cyber incident at its Merkle division.
Merkle has offices in Edinburgh, Aberdeen, London and Manchester.
In a statement, the agency said that:
“The investigation identified that certain files were taken from Merkle’s network. A review of those files determined that they contained information concerning current and former employees.
“Our investigation is ongoing; however, at present we anticipate that the files include bank and payroll details, salary, National Insurance number, and personal contact details.”
It said that it had informed the Information Commissioner’s Office and National Cyber Security Centre and was working with a cybersecurity firm.
The company explained that it had detected “unusual activity” on servers in the Merkle network and “immediately implemented our incidence response protocols” to contain the activity.
Since the breach, it said it had sought to notify all current and former employees whose data was potentially involved.
https://www.prolificnorth.co.uk/news/cyber-security-expert-warns-of-three-year-wait-for-full-recovery-from-ms-and-co-op-cyber-attacks/READ MORE – Cyber security expert warns of three-year wait for full recovery from M&S and Co-op cyber attacks
“Dentsu has taken measures to prevent the public disclosure of the data. We have notified those for whom we have current contact information directly. In addition, we are offering all those whose information was potentially involved a complimentary membership to a dark-web monitoring service.”
It said that at the moment, it was not aware of any files being released to the public.
Dentsu has advised all those potential affected to “ remain vigilant at the present time by reviewing their financial account statements for any unauthorised activity.”
“We identified unusual activity on a portion of Merkle’s network. Upon discovery, we immediately took action to respond by initiating our incident response protocols, taking some of our systems offline, out of precaution, and taking other steps to contain the activity. Third-party cyber incident response firms who have helped other companies in similar situations were engaged to assist, and law enforcement has been notified. We have brought systems back online and we are fully operational,” said dentsu in a statement.
“The investigation identified that certain files were taken from Merkle’s network. A review of those files determined that they contained information relating to some clients, suppliers, and current and former employees. Although our investigation remains ongoing, we have begun the notification process in accordance with applicable law.”
