Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Merkle

Merkle Vendor Cyber Rating & Cyber Score

merkle.com

Merkle, a dentsu company, powers the experience economy. For more than 35 years, the company has put people at the heart of its approach to digital business transformation. As the only integrated experience consultancy in the world with a heritage in data science and business performance, Merkle delivers holistic, end-to-end experiences that drive growth, engagement, and loyalty. Merkle’s expertise has earned recognition as a “Leader” by top industry analyst firms, in categories such as digital transformation and commerce, experience design, engineering and technology integration, digital marketing, data science, CRM and loyalty, and customer data management. With more than 16,000 employees, Merkle operates in 30+ countries throughout the


Merkle A.I CyberSecurity Scoring

Merkle
Company Information
Website:https://www.merkle.com
Employees number:6,088
Number of followers:220,589
NAICS:5416
Industry Type:Business Consulting and Services
Homepage:merkle.com
Merkle Risk Score (AI oriented)
Between 650 and 699
logo
MerkleBusiness Consulting and Services
Updated:
03/04/2026
691/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Merkle Global Score (TPRM)
xxxx
logo
MerkleBusiness Consulting and Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Merkle
MerkleWeak
Current Score
691B (WEAK)
01000
3 incidents
-31 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
697Before Incident
JUNE 2026
697Before Incident
MAY 2026
695Before Incident
APRIL 2026
693Before Incident
MARCH 2026
690Before Incident
FEBRUARY 2026
688Before Incident
JANUARY 2026
687Before Incident
DECEMBER 2025
684Before Incident
NOVEMBER 2025
702Before Incident
Cyber Attack
26 Nov 2025Merkle
Dentsu (Merkle)

Dentsu's Merkle Data Breach and Suumaya Money Laundering Investigation

683After Incident
CRITICAL-19
MER4741147112625
Dentsu’s customer experience unit, Merkle, suffered a cyberattack resulting in the theft of sensitive employee data, including bank/payroll details, salaries, National Insurance numbers, and contact information for current and former employees (some dating back over a decade). The breach triggered legal action, with over 150 ex-employees organizing via WhatsApp to pursue group litigation, alleging Dentsu’s failure to implement adequate security or comply with data retention policies. The UK’s Information Commissioner’s Office (ICO) is investigating, with potential fines up to 2% of global turnover or multi-million-dollar penalties. While Dentsu engaged cybersecurity firms and offered credit/dark-web monitoring, affected individuals report unclear communication about exposed data, heightening fraud risks. The incident compounds Dentsu’s reputational and financial strain, coinciding with an unrelated money-laundering probe in India linked to a third-party acquisition (InDeed), though no direct connection to the Merkle breach was established.
INCIDENT DETAILS -
TYPE
Data BreachCyberattackMoney Laundering Investigation
MOTIVATION
Financial GainData Theft
IMPACT
Bank detailsPayroll detailsSalariesNational Insurance numbersContact informationMerkle’s networkCustomer Complaints: High (150+ ex-employees in WhatsApp group pursuing legal action)Brand Reputation Impact: Significant (employee frustration, legal threats, regulatory scrutiny)Potential ICO fines (up to 2% of global turnover)Employee compensation claimsMoney laundering investigationIdentity Theft Risk: High (exfiltrated PII, dark web exposure risk)Payment Information Risk: High (bank and payroll details compromised)
DATA BREACH
Personally Identifiable Information (PII)Financial DataSensitivity Of Data: High (bank details, National Insurance numbers)Data Exfiltration: Confirmed ('certain files' stolen)NamesContact detailsNational Insurance numbersSalariesBank detailsPayroll details
OCTOBER 2025
719Before Incident
Cyber Attack
30 Oct 2025Merkle
Merkle (Dentsu’s US subsidiary)

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

700After Incident
CRITICAL-19
MER3332133103025
Merkle, a US-based subsidiary of the Japanese multinational advertising giant Dentsu, suffered a cyberattack resulting in the exposure of sensitive data. The breach compromised files containing personal, payroll, and National Insurance details of current and former employees, as well as supplier and client data. The company took immediate action by shutting down certain systems to contain the attack and initiated an investigation with external cybersecurity experts. While the financial impact remains unclear, affected individuals are being notified and offered free dark web monitoring. The attack did not affect Dentsu’s systems in Japan, but the scale of the breach raises concerns given Merkle’s global workforce of over 16,000 employees and annual revenue of approximately $1.5 billion. No ransomware group has claimed responsibility, leaving the attack method unspecified beyond confirmation of data exfiltration.
INCIDENT DETAILS -
TYPE
Cyberattack (Data Breach)
IMPACT
Supplier dataClient dataEmployee data (personal details, payroll, National Insurance numbers, bank details, salary, contact details)Systems Affected: Certain network systems (taken offline during mitigation)Downtime: Partial (some systems shut down and later restored)Operational Impact: Systems taken offline to mitigate breach; investigation ongoingBrand Reputation Impact: Potential reputational damage due to exposure of sensitive dataIdentity Theft Risk: High (personal and financial data exposed)Payment Information Risk: High (bank and payroll details compromised)
DATA BREACH
Personal detailsPayroll dataNational Insurance numbersBank detailsSalary informationContact detailsSupplier dataClient dataSensitivity Of Data: High (includes financial and personally identifiable information)Data Exfiltration: Yes (files taken from Merkle’s network)Personally Identifiable Information: Yes (names, contact details, National Insurance numbers, bank/payroll details)
SEPTEMBER 2025
772Before Incident
Breach
31 Aug 2025Merkle
Merkle Inc.: Merkle Data Breach Lawsuit Investigation

Merkle Inc. Data Breach Exposes Sensitive PII in 2025 Cyberattack

717After Incident
CRITICAL-55
MER1770415139
Merkle Inc. Data Breach Exposes Sensitive PII in 2025 Cyberattack Merkle Inc., a global performance marketing and customer experience management firm under dentsu, disclosed a data breach involving unauthorized access to its servers. The incident was detected on August 31, 2025, prompting an immediate response, including containment efforts and an investigation with a third-party cybersecurity firm. By January 27, 2026, Merkle confirmed that compromised files contained sensitive personally identifiable information (PII), including names and Social Security numbers. The company reported the breach to the New Hampshire Attorney General’s office on February 6, 2026, and began mailing notification letters to affected individuals. As of the disclosure, one New Hampshire resident has been confirmed as impacted. Merkle is offering affected individuals a 12-month complimentary Experian IdentityWorks membership, which includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Legal firm Shamis & Gentile P.A. is investigating potential compensation claims for those affected. The breach highlights ongoing risks in data security, particularly for companies handling large volumes of customer information.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Sensitive personally identifiable information (PII), including names and Social Security numbersIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personally Identifiable Information (PII)Sensitivity Of Data: High (Social Security numbers, names)Personally Identifiable Information: Names, Social Security numbers
AUGUST 2025
772Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Merkle ?
?
What was Merkle's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Merkle's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Merkle's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Merkle's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Merkle's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Merkle's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Merkle's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Merkle's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Merkle's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Merkle's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Merkle's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Merkle's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Merkle ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Merkle's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?