In October 2025 global advertising giant Dentsu and its subsidiary Merkle, a customer experience management company, announced a serious data breach had compromised the data of their current and former employees in the UK.
Register with KP Law today to find out more, including whether you could claim compensation.
In October 2025 Dentsu confirmed an unauthorised third party gained access to their network through a UK division, Merkle. Hackers reportedly accessed employee files including banking and salary information. It is believed that some employees whose data was leaked had left the company up to ten years ago.
We are currently investigating the situation to ascertain whether Dentsu failed in their duty to adequately protect the data of their employees and clients. If they are found to have been in breach of their duties, you may be entitled to compensation
In their report, Dentsu claimed they discovered unusual activity on Merkle’s network, upon investigation it was discovered that an unauthorised third party had accessed the network and stolen a considerable amount of data belonging to their clients and employees.
The exposed information included:
Dentsu reported the incident to the Information Commissioners Office (ICO) and to law enforcement and launched their own internal investigation with a private cyber security firm.
Employees who were affected by the breach were offered a year of Experian Identity Plus, a service that monitors their credit and the dark web in case of criminal activity.
However, many employees have claimed that they have since received no update from the company, and are still unsure what specific data was leaked.
Under the UK GDPR and Data Protection Act 2018, you are entitled to compensation if you suffer either material or non-material damage due to a data breach.
Our team at KP Law has a strong track record of holding large corporations accountable for data misuse and privacy breaches. We operate on a no-win, no-fee basis, so there’s no cost to you unless your claim is successful.
KP Law is one of the leading law firms in England & Wales, specialising in what is often referred to as group action litigation. We see our role as being your champion, someone on your side to help bring businesses to account when they let you down
Click the link below to our sign-up form which should take less than 10 minutes to complete. We’ll keep your information secure, and we’ll keep you updated as the case progresses.
See our answers to the FAQs we get asked about the Dentsu Data Breach.
Dentsu released a statement in October 2025 disclosing that the network of their UK-based subsidiary company Merkel was breached by an unauthorised third party. In their statement they explained that the stolen files included employee payroll and salary data and national insurance numbers.
Dentsu released the following statement to press:
“We identified unusual activity on a portion of Merkle’s network. Upon discovery, we immediately took action to respond by initiating our incident response protocols, taking some of our systems offline, out of precaution, and taking other steps to contain the activity. Third-party cyber incident response firms who have helped other companies in similar situations were engaged to assist, and law enforcement has been notified. We have brought systems back online and we are fully operational.
The investigation identified that certain files were taken from Merkle’s network. A review of those files determined that they contained information relating to some clients, suppliers, and current and former employees. Although our investigation remains ongoing, we have begun the notification process in accordance with applicable law.”
Dentsu should be in touch to notify affected individuals.
Anyone who thinks they might be involved should take immediate steps to protect themselves. Find out how to do this here.
If you receive notification that you are affected by the Dentsu data breach, register to receive updates on our investigation. We’ll let you know what’s happening, and if and when you can make a data breach compensation claim.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.
There are no costs to join our claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
If you believe your data may have been accessed, you should follow the below steps to protect yourself from further harm:
Change your login details for Paddy Power and Betfair, and ensure your other accounts use strong, unique passwords. Customers were also advised to change passwords and enable two-factor authentication (2FA) at the same time as a precautionary measure.
Stay alert for suspicious calls, texts or emails. Whilst the breach included limited betting account information and recent activity on accounts, there's still a risk that even limited personal information could be used in phishing scams.
Be aware of any unexpected activity on your accounts - consider getting a copy if your credit file to check for identity misuse after the breach.
