Merck Data Breach: Financial Data Exposed
Photo by Hans Reniers on Unsplash
By Join The Case · Published November 17, 2025 · Updated November 17, 2025 · 6 min read
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the Merck data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

See Featured Articles
Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? The Washington Post Data Breach: SSNs Exposed The Washington Post Data Breach: SSNs Exposed Late-Night and Early-Morning Unwanted Text Messages Late-Night and Early-Morning Unwanted Text Messages Harvard University Data Breach Lawsuit Investigation Harvard University Data Breach Lawsuit Investigation

Merck Data Breach Lawsuit Investigation

Data-security attorneys are reviewing legal options for employees whose personal information was exposed in the recent Merck breach. If you received a notice, contact us for a free, no-obligation case evaluation.

Key Takeaways

  • Incident reported to Massachusetts Attorney General on November 17, 2025.
  • Total individuals affected: 7 (all Massachusetts residents).
  • Data exposed: name and financial account information.
  • 24 months of complimentary credit- and identity-monitoring through TransUnion offered.
Download Official Breach Notice (PDF)

What Happened?

Merck Sharpe & Dohme LLC (Merck) learned on October 20, 2025 that personal data belonging to certain current and former employees had been accessed during a cyber-incident at its U.S. relocation-services provider, Graebel Companies, Inc. Key dates include:

  • September 22, 2025: Graebel notified Merck that some Merck employee data was involved.
  • October 20, 2025: Merck concluded its own review and confirmed the impact.
  • November 17, 2025: Breach reported to the Massachusetts Attorney General and notifications mailed to affected individuals.

Information Involved

The impacted files contained the following categories of personal information:

  • Name
  • Financial account information

Merck’s Response

Graebel states it contained the attack, restored affected systems, and bolstered security controls. To help protect employees, Graebel is providing 24 months of free credit monitoring and identity-theft protection services through TransUnion. Merck recommends ongoing vigilance by reviewing credit reports and account statements for unauthorized activity.

Potential Legal Claims for Victims

Financial account details are among the most sensitive forms of personal information. Victims may incur costs for monitoring, safeguarding accounts, or recovering from fraud. U.S. privacy and consumer-protection laws allow affected individuals to seek compensation when organizations fail to adequately secure data entrusted to them.

Our data-breach team is investigating whether Merck and its vendor met their legal obligations. Compensation could include reimbursement of out-of-pocket expenses, the value of time spent monitoring accounts, and statutory or punitive damages where applicable.

Take action: Request your free case assessment to learn your rights and potential eligibility to join a Merck data-breach lawsuit.

Timeline of the Merck Data Breach

  • Pre-2025: Graebel provides relocation services to Merck.
  • Unknown date: Unauthorized actor compromises Graebel systems.
  • Graebel containment: Incident detected and systems restored (date not specified).
  • September 22, 2025: Graebel tells Merck employee data was exposed.
  • October 20, 2025: Merck finalizes review confirming impact.
  • November 7, 2025: Preliminary internal communication to employees.
  • November 17, 2025: Official AG filing and consumer notifications.

What You Can Do Now

  • Enroll in the complimentary TransUnion identity-protection service before the deadline in your letter.
  • Review monthly bank and credit-card statements; report suspicious activity immediately.
  • Obtain free annual credit reports from the major bureaus and place fraud alerts or freezes if warranted.
  • Document any time or money spent responding to the breach.
  • Contact our firm for a free review of your potential claim.

Company Overview

Below is publicly available information on Merck.

Frequently Asked Questions

1. I received a data breach letter from Merck — what should I do?

Follow the enrollment instructions for the free TransUnion credit-monitoring service, monitor financial accounts closely, and contact our team for a free legal consultation.

2. What information did the Merck breach expose?

The notice states that names and financial account information were involved.

3. How many people were affected by the Merck data breach?

Merck reported the incident to the Massachusetts Attorney General as affecting 7 individuals.

4. Did Merck offer credit monitoring, and for how long?

Yes. Graebel, on Merck’s behalf, is offering 24 months of complimentary credit monitoring and identity-theft protection through TransUnion.

5. How do I submit a claim related to the Merck data breach?

Complete the contact form on this page or call our office. Our attorneys will evaluate your situation and guide you through the next steps at no cost.

6. Am I eligible to join a lawsuit against Merck?

If you received an official breach letter, you may qualify. Eligibility depends on the nature of your data loss and any resulting damages. Request a free review to learn more.

7. How can I get the official breach notice (PDF) for Merck?

You can download it directly from the Massachusetts Attorney General website using the button above.

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now