
We are dentsu. We team together to help brands predict and plan for disruptive future opportunities and create new paths to growth in the sustainable economy. We know people better than anyone else and we use those insights to connect brand, content, commerce and experience, underpinned by modern creativity. We are the network designed for what’s next.

dentsu A.I CyberSecurity Scoring

dentsu

Company Details

LinkedIn ID: dentsu
Employees number: 17,547
Number of followers: 1,639,223
NAICS: 541613
Industry Type: Advertising Services
Homepage: dentsu.com
IP Addresses: 159
Company ID: DEN_1102532
Scan Status: Completed

dentsu Risk Score (AI oriented)

Between 650 and 699

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
dentsu Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

dentsu Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1
Dentsu (via Merkle’s network)
Breach
Severity: 85
Impact: 3
Seen: 10/2025
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Dentsu, a global advertising and media network, suffered a security breach within its subsidiary **Merkle’s network**, resulting in the theft of sensitive files. The compromised data included **personal and financial details** of **current and former employees**, as well as **some clients and suppliers**. Exposed information comprised **names, bank/payroll details, salaries, National Insurance numbers, and personal contact details**. The company detected **unusual network activity**, triggering an immediate response: systems were taken offline, incident response protocols were activated, and third-party cybersecurity firms alongside law enforcement were engaged. While Dentsu restored operations, the investigation remains ongoing. Affected individuals were notified and offered **credit/dark-web monitoring services** via Experian Identity Plus to mitigate risks like identity theft or financial fraud. The breach coincides with Dentsu’s strategic review, including potential divestments of its international creative and media divisions, raising concerns about operational stability. The incident underscores vulnerabilities in handling **highly sensitive employee and client data**, with potential long-term reputational and financial repercussions.

Dentsu
Breach
Severity: 85
Impact: 3
Seen: 5/2025
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Dentsu, a global advertising and marketing agency, suffered a significant data breach affecting its CX agency, Merkle. The incident involved unauthorized access to files containing sensitive personal and financial data of **current and former employees**, including bank/payroll details, salaries, National Insurance numbers, and contact information. The breach also extended to **LNER (London North Eastern Railway) customer data**, exposing contact details and journey histories, though no payment or password data was compromised. The breach triggered a complaint to the UK’s **Information Commissioner’s Office (ICO)**, with affected ex-employees forming legal groups (one WhatsApp group exceeding 150 members) to pursue collective action. Dentsu acknowledged the leak exceeded legal reporting thresholds and offered affected individuals a year of **Experian Identity Plus** for monitoring. However, frustration persists over delayed notifications, unclear specifics of leaked data, and Dentsu’s retention of records beyond standard HMRC timelines (some ex-employees left over a decade ago). The ICO may impose fines (up to **£8.7M or 2% of global turnover**) if negligence is proven, separate from potential compensation claims.


Underwriter Stats for dentsu

Incidents vs Advertising Services Industry Average (This Year)

dentsu has 119.78% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

dentsu has 212.5% more incidents than the average of all companies with at least one recorded incident.

Incident Types dentsu vs Advertising Services Industry Avg (This Year)

dentsu reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.

Incident History — dentsu (X = Date, Y = Severity)

dentsu cyber incidents detection timeline including parent company and subsidiaries


dentsu Similar Companies

Quad (NYSE: QUAD) is a global marketing experience company that helps brands make direct consumer connections, from household to in-store to online. Supported by state-of-the-art technology and data-driven intelligence, Quad uses its suite of media, creative and production solutions to streamline th

Omnicom is a leading provider of data-inspired, creative marketing and sales solutions. Omnicom’s iconic agency brands are home to the industry’s most innovative communications specialists who are focused on driving intelligent business outcomes for their clients. The company offers a wide range o

TBWA\Worldwide

TBWA is The Disruption Company®. We are a Collective of creative minds with an unlimited creative canvas. We create brand platforms that defy convention and compete with culture. Thanks to our trademarked Disruption® methodology, we build the world’s strongest brands. Brands that own an unfair share

VML is a global powerhouse born from the unification of Wunderman Thompson and VMLY&R — two of the world's most powerful and accomplished creative agencies with complementary capabilities and geographic strengths. We have an industry-unique opportunity to provide our client partners with a fully int

IPG Mediabrands

IPG Mediabrands is the media and marketing solutions division of Interpublic Group (NYSE: IPG). IPG Mediabrands manages over $47 billion in marketing investment globally on behalf of its clients across its full-service agency networks UM, Initiative and Mediahub and through its award-winning special

Publicis Groupe

Founded in 1926 by Marcel Bleustein-Blanchet, today Publicis Groupe is the largest communications group in the world and a leader in marketing, communication, and digital business transformation, led by Arthur Sadoun, the third CEO in its history. Publicis Groupe is positioned at every step of the

EssenceMediacom

Hello. We are EssenceMediacom. GroupM’s newest and largest agency, committed to delivering marketing breakthroughs for brands. We have disrupted the old models across media, creative, innovation and analytics to find new opportunities for advertisers and deliver truly integrated media solutions.

Havas

TO MAKE A MEANINGFUL DIFFERENCE TO BRANDS, TO BUSINESSES AND TO PEOPLE Founded in 1835 in Paris, Havas is one of the world’s largest global communications networks, with more than 23,000 people in over 100 markets sharing one single mission: to make a meaningful difference to brands, businesses, a

Clinic is an independent creative agency. We create bold ideas, and craft them beautifully, to get people thinking, believing and doing. All of our experience goes into what we do today, and although our world’s constantly changing, the endpoint is still people and their experience, no matter


dentsu CyberSecurity News

November 11, 2025 03:12 PM
Dentsu leak compromised LNER customer data

Dentsu's data breach has compromised LNER'S customer data. Campaign reported in late October that former, current and “some clients” at...

November 11, 2025 02:38 PM
Digitas and Dentsu X notch gains as Initiative holds lead in November US rankings

iProspect and Hearts & Science join the agency table.. From Campaign US.

November 07, 2025 10:29 AM
Bank, payroll and National Insurance details stolen in Dentsu security incident

Dentsu says personal information from current and former employees has been taken during a cyber incident at its Merkle division.

November 06, 2025 08:00 AM
Cyber Compliance Specialist - South Africa - Johannesburg

A bachelor's degree in information technology, Cybersecurity, Computer Science, or related field. A minimum experience of 3-5 years in...

November 03, 2025 08:00 AM
MSP cybersecurity news digest, November 3, 2025

Qilin ransomware abuses Windows Subsystem for Linux to deploy Linux encryptors on Windows, Atroposia malware includes built-in vulnerability...

October 31, 2025 07:00 AM
Cybersecurity News: LinkedIn AI opt-out, NSA leadership candidates, Python foundation withdraws

As reported by Graham Cluley, the Microsoft-owned company professional networking site has “quietly announced” that as of this upcoming...

October 30, 2025 06:58 PM
Breach Roundup: Hackers Probe Canada's Critical Infrastructure

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world.

October 30, 2025 07:00 AM
Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

Dentsu said its U.S. unit Merkle was hit by a cyberattack exposing staff and client data, forcing some systems offline.

October 30, 2025 07:00 AM
Dentsu has Disclosed that its U.S.-based Subsidiary Merkle Suffers Cyberattack

Dentsu confirmed Merkle experienced a cyberattack, prompting immediate incident response measures and system shutdowns to contain the...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

dentsu CyberSecurity History Information

Official Website of dentsu

The official website of dentsu is https://bit.ly/3lDa6Ff.

dentsu’s AI-Generated Cybersecurity Score

According to Rankiteo, dentsu’s AI-generated cybersecurity score is 665, reflecting their Weak security posture.

How many security badges does dentsu have ?

According to Rankiteo, dentsu currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does dentsu have SOC 2 Type 1 certification ?

According to Rankiteo, dentsu is not certified under SOC 2 Type 1.

Does dentsu have SOC 2 Type 2 certification ?

According to Rankiteo, dentsu does not hold a SOC 2 Type 2 certification.

Does dentsu comply with GDPR ?

According to Rankiteo, dentsu is not listed as GDPR compliant.

Does dentsu have PCI DSS certification ?

According to Rankiteo, dentsu does not currently maintain PCI DSS compliance.

Does dentsu comply with HIPAA ?

According to Rankiteo, dentsu is not compliant with HIPAA regulations.

Does dentsu have ISO 27001 certification ?

According to Rankiteo, dentsu is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of dentsu

dentsu operates primarily in the Advertising Services industry.

Number of Employees at dentsu

dentsu employs approximately 17,547 people worldwide.

Subsidiaries Owned by dentsu

dentsu presently has no subsidiaries across any sectors.

dentsu’s LinkedIn Followers

dentsu’s official LinkedIn profile has approximately 1,639,223 followers.

NAICS Classification of dentsu

dentsu is classified under the NAICS code 541613, which corresponds to Marketing Consulting Services.

dentsu’s Presence on Crunchbase

No, dentsu does not have a profile on Crunchbase.

dentsu’s Presence on LinkedIn

Yes, dentsu maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dentsu.

Cybersecurity Incidents Involving dentsu

As of November 30, 2025, Rankiteo reports that dentsu has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

dentsu has an estimated 32,350 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at dentsu ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does dentsu detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from a cybersecurity firm (unnamed) and Experian Identity Plus (for monitoring services); containment measures (systems taken offline, incident response protocols initiated); recovery measures (systems brought back online); remediation measures (offered Experian Identity Plus, 1-year subscription for credit/dark-web monitoring); a communication strategy (internal email to employees, public statement, notification process for affected parties, initial notification to affected individuals (27 Oct 2023), encouraged monitoring of financial statements, no further updates provided); and enhanced monitoring (fraud monitoring recommended for affected individuals).

Incident Details

Can you provide details on each incident ?

Incident : data breach

Title: Data Breach at Dentsu's Merkle Network Affecting Employees, Clients, and Suppliers

Description: Former and current staff at Dentsu and some clients had their information taken following a security incident within Merkle’s network. Files containing names, bank and payroll details, salary, National Insurance numbers, and personal contact details were exfiltrated. Dentsu has engaged third-party cybersecurity firms, notified law enforcement, and offered affected individuals credit and dark-web monitoring services via Experian Identity Plus. The investigation remains ongoing, but notifications have begun in compliance with applicable laws.

Type: data breach

Incident : Data Breach

Title: Dentsu Data Breach Affecting Former Employees and LNER Customers

Description: Dentsu reported a data breach where files containing personal and financial details of former employees (including bank/payroll details, salary, National Insurance numbers, and contact details) were exfiltrated from Merkle’s network. The breach also impacted LNER customer data, including contact details and journey information. The ICO is investigating, and affected individuals are considering legal action. Dentsu offered credit monitoring services and notified law enforcement.

Date Publicly Disclosed: 2023-10-27

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : data breach DEN1492114110225

Data Compromised: Names, Bank details, Payroll details, Salary information, National insurance numbers, Personal contact details

Systems Affected: portion of Merkle’s network

Downtime: temporary (some systems taken offline as precaution)

Operational Impact: minimal (fully operational after containment)

Brand Reputation Impact: potential (ongoing investigation amid speculation about Dentsu's future)

Identity Theft Risk: high (bank, payroll, and PII exposed)

Payment Information Risk: high (bank details compromised)

Incident : Data Breach DEN0962609112125

Data Compromised: Bank/payroll details, Salary information, National Insurance numbers, Personal contact details, LNER customer contact details, LNER journey information

Systems Affected: Merkle’s (Dentsu’s CX agency) network

Customer Complaints: Collective legal action being considered by former employees; Frustration over lack of follow-up communication; Complaints about prolonged data retention (10+ years)

Brand Reputation Impact: Potential reputational damage due to legal action and regulatory scrutiny; Negative media coverage

Legal Liabilities: Potential ICO fines (up to £8.7M or 2% of global turnover); Group action claims by former employees; Violation of UK GDPR and Data Protection Act 2018 (excessive data retention)

Identity Theft Risk: High (due to exposure of National Insurance numbers, bank details, and personal contact information)

Payment Information Risk: Exposed for former employees (bank/payroll details); Not affected for LNER customers

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (PII), Financial Data, Employment Records, Customer Contact Details and Journey Information.

Which entities were affected by each incident ?

Incident : data breach DEN1492114110225

Entity Name: Dentsu (via Merkle network)

Entity Type: advertising and marketing agency

Industry: media and communications

Customers Affected: some clients, suppliers, and current/former employees

Incident : Data Breach DEN0962609112125

Entity Name: Dentsu (including Merkle CX agency)

Entity Type: Advertising/Media Conglomerate

Industry: Marketing & Advertising

Location: United Kingdom; Japan (HQ)

Customers Affected: Current/former employees (150+ in one WhatsApp group), Clients, Suppliers

Incident : Data Breach DEN0962609112125

Entity Name: London North Eastern Railway (LNER)

Entity Type: Train Operator

Industry: Transportation

Location: United Kingdom

Customers Affected: Unknown (contact details and journey information exposed)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : data breach DEN1492114110225

Incident Response Plan Activated: True

Third Party Assistance: Cybersecurity Firm (Unnamed), Experian Identity Plus (For Monitoring Services).

Containment Measures: systems taken offline; incident response protocols initiated

Recovery Measures: systems brought back online

Communication Strategy: internal email to employees; public statement; notification process for affected parties

Incident : Data Breach DEN0962609112125

Incident Response Plan Activated: True

Third Party Assistance: Cybersecurity Firm (Unnamed).

Remediation Measures: Offered Experian Identity Plus (1-year subscription for credit/dark-web monitoring)

Communication Strategy: Initial notification to affected individuals (27 Oct 2023); Encouraged monitoring of financial statements; No further updates provided

Enhanced Monitoring: Fraud monitoring recommended for affected individuals

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through a cybersecurity firm (unnamed) and Experian Identity Plus (for monitoring services).

Data Breach Information

What type of data was compromised in each breach ?

Incident : data breach DEN1492114110225

Type of Data Compromised: Personally identifiable information (PII), Financial data, Employment records

Sensitivity of Data: high (includes bank details, National Insurance numbers, and salary information)

Personally Identifiable Information: names; National Insurance numbers; personal contact details

Incident : Data Breach DEN0962609112125

Type of Data Compromised: Personally identifiable information (PII), Financial data, Employment records, Customer contact details, Journey information

Sensitivity of Data: High (includes National Insurance numbers, bank details, salaries)

Personally Identifiable Information: Names; National Insurance numbers; Bank/payroll details; Salaries; Personal contact details (email/phone/address)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offered Experian Identity Plus (1-year subscription for credit/dark-web monitoring).

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through systems taken offline and incident response protocols initiated.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : data breach DEN1492114110225

Data Exfiltration: True

Incident : Data Breach DEN0962609112125

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through systems brought back online.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : data breach DEN1492114110225

Regulatory Notifications: ongoing (notifications begun in accordance with applicable law)

Incident : Data Breach DEN0962609112125

Regulations Violated: UK GDPR, Data Protection Act 2018 (excessive data retention beyond 7 years)

Legal Actions: ICO investigation ongoing, Potential group action claims by former employees

Regulatory Notifications: Reported to ICO (scale exceeded legal threshold); Law enforcement notified

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through ICO investigation ongoing, Potential group action claims by former employees.

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents ?

Incident : data breach DEN1492114110225

Recommendations: monitor financial statements, use credit/dark-web monitoring services (e.g., Experian Identity Plus)

Incident : Data Breach DEN0962609112125

Recommendations: Improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records), Enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual), Proactively engage with affected parties to mitigate legal risks, Review third-party supplier security (LNER breach linked to Dentsu’s systems)

References

Where can I find more information about each incident ?

Incident : data breach DEN1492114110225

Source: Campaign (marketing industry publication)

Incident : Data Breach DEN0962609112125

Source: Campaign UK

Incident : Data Breach DEN0962609112125

Source: Information Commissioner’s Office (ICO) Statement

Incident : Data Breach DEN0962609112125

Source: Withers Law Firm (Jo Sanders, Data/Information Disputes Partner)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Campaign (marketing industry publication), Campaign UK, the Information Commissioner’s Office (ICO) Statement, and Withers Law Firm (Jo Sanders, Data/Information Disputes Partner).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : data breach DEN1492114110225

Investigation Status: ongoing

Incident : Data Breach DEN0962609112125

Investigation Status: Ongoing (ICO inquiry and internal investigation with cybersecurity firm)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Internal Email To Employees, Public Statement, Notification Process For Affected Parties, Initial Notification To Affected Individuals (27 Oct 2023), Encouraged Monitoring Of Financial Statements and No Further Updates Provided.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach DEN1492114110225

Stakeholder Advisories: Internal Email To Employees, Public Statement.

Customer Advisories: encouraged to monitor financial statements; offered Experian Identity Plus subscription

Incident : Data Breach DEN0962609112125

Customer Advisories: Dentsu: Monitor financial statements; offered Experian Identity Plus. LNER: No bank/payment card/password data affected; investigation underway.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Internal Email To Employees, Public Statement, Encouraged To Monitor Financial Statements, Offered Experian Identity Plus Subscription. Dentsu: Monitor Financial Statements; Offered Experian Identity Plus. LNER: No Bank/Payment Card/Password Data Affected; Investigation Underway.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : data breach DEN1492114110225

High Value Targets: Employee Data, Client/Supplier Data

Data Sold on Dark Web: Employee Data, Client/Supplier Data

Incident : Data Breach DEN0962609112125

High Value Targets: Employee PII/Financial Data, Client/Supplier Data

Data Sold on Dark Web: Employee PII/Financial Data, Client/Supplier Data

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach DEN0962609112125

Root Causes: Inadequate Data Retention Policies (Retained Data For 10+ Years Beyond Legal Limits), Potential Third-Party Security Vulnerabilities (Merkle’s Network)

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cybersecurity Firm (Unnamed), Experian Identity Plus (For Monitoring Services), Fraud Monitoring Recommended For Affected Individuals.

Additional Questions

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-27.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, bank details, payroll details, bank/payroll details, salary information, National Insurance numbers, personal contact details, LNER customer contact details and LNER journey information.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were a portion of Merkle’s network and Merkle’s (Dentsu’s CX agency) network.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was a cybersecurity firm (unnamed) and Experian Identity Plus (for monitoring services).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: systems taken offline and incident response protocols initiated.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were bank/payroll details, personal contact details, names, payroll details, LNER customer contact details, LNER journey information, National Insurance numbers, salary information and bank details.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal actions taken for a regulatory violation were an ongoing ICO investigation and potential group action claims by former employees.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: improve data retention policies to comply with UK GDPR (max 7 years for HMRC-related records); use credit/dark-web monitoring services (e.g., Experian Identity Plus); enhance transparency in post-breach communication (e.g., clarify which specific data was exposed per individual); monitor financial statements; review third-party supplier security (LNER breach linked to Dentsu’s systems); and proactively engage with affected parties to mitigate legal risks.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Withers Law Firm (Jo Sanders, Data/Information Disputes Partner), Campaign (marketing industry publication), Campaign UK and the Information Commissioner’s Office (ICO) Statement.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were an internal email to employees and a public statement.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: encouraged to monitor financial statements and offered an Experian Identity Plus subscription; Dentsu: monitor financial statements, offered Experian Identity Plus; LNER: no bank/payment card/password data affected, investigation underway.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of a hard-coded cryptographic key. The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.

Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.

Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dentsu' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.