Dentsu’s data breach has compromised LNER’S customer data.
Campaign reported in late October that former, current and “some clients” at Dentsu had had their information stolen following a security incident within Merkle’s network.
In a press release issued in September, LNER said: “We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.”
Campaign now understands that the “third-party supplier” is Merkle.
In the release, LNER warned customers to be cautious of “unsolicited communications”, but added that the “third-party supplier” did not have access to bank or payment card information or password data.
This week, a LNER spokesperson confirmed to Campaign that “no bank, payment card, or password information had been affected” and a “thorough investigation” was underway.
In full, the spokesperson for LNER said: “We want to reassure our customers that we continue to treat this matter with the highest priority. We immediately notified the relevant organisations and ensured widespread media coverage to alert our customers. We have worked closely with experts and the supplier to ensure appropriate protective measures are in place. A thorough investigation has been underway to establish all the facts, and we have been contacting those who were affected directly.
“Importantly, no bank, payment card, or password information has been affected. As a precaution, some of our customer communications have been temporarily paused. We advise customers to remain vigilant and be cautious of unsolicited emails, especially those requesting personal information.”
The LNER spokesperson did not reveal the identity of the third-party supplier.
Dentsu emailed current and former employees directly affected by the breach in October. At the time, the network anticipated that this leaked information included bank and payroll details, salary, National Insurance number, and personal contact details.
The email also further explained that Dentsu has informed law enforcement and launched an investigation with assistance from a cybersecurity firm, as well as encouraged employees to monitor their financial statements, also offering them a year’s subscription to a credit and dark-web monitoring service through Experian Identity Plus.
When Campaign contacted Dentsu about LNER being affected, it reissued its original statement: “We identified unusual activity on a portion of Merkle’s network. Upon discovery, we immediately took action to respond by initiating our incident response protocols, taking some of our systems offline, out of precaution, and taking other steps to contain the activity.
“Third-party cyber incident response firms who have helped other companies in similar situations were engaged to assist, and law enforcement has been notified. We have brought systems back online and we are fully operational.
“The investigation identified that certain files were taken from Merkle’s network. A review of those files determined that they contained information relating to some clients, suppliers, and current and former employees. Although our investigation remains ongoing, we have begun the notification process in accordance with applicable law.”
The breach comes amid speculation over Dentsu's future, after the Japanese-owned network appointed bankers to sound out buyers for its international creative and media business.
Last year, former WPP chief executive Mark Read was the target of a deepfake scam, with fraudsters impersonating Read to solicit money and personal details from another senior executive at the network.
