Japanese advertising and public relations giant Dentsu Group has confirmed a data breach at its customer relationship management (CRM) subsidiary, Merkle. The confirmation followed a threat actor’s attempt to sell and leak data allegedly stolen from the company’s systems. The incident highlights the persistent threat of cyberattacks targeting large corporations and their supply chains.

The breach came to light when a threat actor advertised the sale of Dentsu’s data on a hacking forum. The individual claimed to have stolen 400 GB of information, including project files, source code, and client data. As proof, the hacker released a 100MB compressed archive containing files from Merkle and iProspect, another Dentsu brand.

Details of the Security Incident

According to Dentsu’s official statement, the company detected unauthorized access to one of its Atlassian instances. This server was utilized for internal business support functions within the organization. The breach was not a widespread compromise of Dentsu’s entire network infrastructure. The company did not disclose when the unauthorized access occurred or how the threat actor initially gained entry to the Atlassian server.

Dentsu’s Official Response and Investigation

Upon discovering the intrusion, Dentsu reported that its security teams acted promptly to contain the threat. The company immediately took the compromised Atlassian instance offline to prevent further unauthorized access. An investigation was launched in partnership with external cybersecurity experts to determine the full scope of the incident. Dentsu also confirmed that it had reported the matter to law enforcement agencies.

The advertising firm described the event as having a “very limited impact,” stating that its core network and primary client systems were not affected. Merkle’s business-to-consumer (B2C) services also remained secure. Dentsu is now communicating directly with the small number of clients whose information was involved in the breach.