Dentsu’s UK data breach sparks employee-led legal push
At least one WhatsApp group now counts more than 150 ex‑employees discussing collective legal options, and a “Join the Claim” portal has been created to connect affected individuals with law firms specialising in group data‑breach actions.
ADVERTISEMENT
In the UK, frustration among current and former Dentsu employees has crystallised into informal organising after a cyberattack on Merkle, the group’s customer experience unit, led to sensitive staff information being stolen from its systems.
Dentsu's Merkle hit by data breach; employee and client information at risk
At least one WhatsApp group now counts more than 150 ex‑employees discussing collective legal options, and a “Join the Claim” portal has been created to connect affected individuals with law firms specialising in group data‑breach actions.
The UK Information Commissioner’s Office has reportedly confirmed it received a complaint about the incident and will review it under its standard procedures, with powers that include issuing improvement notices and, in serious cases, fines that can reach the higher of a multi‑million‑dollar cap or 2% of a company’s global turnover. Any regulatory penalty would be separate from compensation employees might seek in court if they can show that Dentsu failed to apply adequate security or retain data only for as long as genuinely necessary.
Confusion over data scope and retention
Dentsu’s initial notification to affected staff in late October reportedly said “certain files” had been exfiltrated from Merkle’s network and that these were expected to include bank and payroll details, salaries, National Insurance numbers and contact information for current and former employees. The company said it had alerted law enforcement, brought in a cybersecurity firm, and offered a year of credit and dark‑web monitoring in an effort to help people detect fraud early.
However, several former employees say they have not received meaningful follow‑up and still do not know precisely which of their details are in circulation, even though some left the business more than a decade ago.
ED arrests Suumaya promoter Ushik Gala in ₹137 crore money laundering probe
Meanwhile, Dentsu’s Indian business has been drawn into a high‑stakes money‑laundering investigation centred on the Suumaya Group and a purported Haryana government “Need to Feed” welfare programme that investigators now say was fabricated. The Enforcement Directorate has recently arrested Suumaya promoter Ushik Gala on allegations that he used sham contracts and bogus trade flows to divert roughly ₹137 crore into dummy agro‑trading entities in Delhi and Haryana before routing funds back to himself through shell companies.
According to the ED, the scheme relied on inflated circular trades, fake invoices and fictitious transport documentation that created the appearance of nearly ₹5,000 crore in commodity transactions, of which only a small fraction represented genuine business. This artificial surge in activity is alleged to have dramatically boosted Suumaya’s reported turnover and market valuation, with investigators also suggesting that entities associated with Dentsu India saw their own volumes swell on the back of the same flows.
Searches at multiple locations in Mumbai, Delhi and Gurgaon have resulted in the seizure of cash, foreign currency, gold and extensive digital and paper records, which investigators claim corroborate patterns of diversion, layering and laundering. The agency continues to map links between shell entities, circular trades and intermediaries as it builds its case under India’s money‑laundering law, indicating that more names and corporate connections could emerge.
Dentsu takes a hit in Asia with revenue decline in Q3; India, Thailand remain bright spots
Dentsu India has sought to distance the group from the alleged fraud, arguing that the activities in question were carried out by third parties and certain former staff of an outfit called InDeed before Dentsu acquired it. The company has also said that when enforcement officials visited its Mumbai office in late 2024, no documents or assets were seized, and it has reiterated its commitment to cooperating fully with investigators while stressing that it treats misconduct seriously.
