Class Action U Logo
Start Your Data Breach Claim

Merck Sharp & Dohme Data Breach Lawsuit

Graebel Companies, Inc., a service provider for Merck, recently reported a data breach that impacted personal information of Merck employees, including names and financial account details. While there are no indications of misuse, Graebel is offering 24 months of credit monitoring. Affected individuals may be eligible to join a class action lawsuit for compensation. Contact Class Action U for a free consultation to explore your legal options.

Merck Sharp & Dohme
Date of Breach: November 7, 2025
CAU logo

Who was affected:

Clients of Merck Sharp & Dohme

Impacted Data:

Full name

Financial account information

Sign Up Now

Merck Sharp & Dohme LLC, a subsidiary of Merck & Co., Inc., recently disclosed a data breach involving their U.S.-based service provider, Graebel Companies, Inc. The breach exposed certain personal information of Merck employees, both current and former. If you were impacted by this incident, it’s essential to understand what information was compromised and what steps you can take, including joining a class action lawsuit to hold Graebel accountable for the breach.

Merck Sharp & Dohme Data Breach Investigation

On November 7, 2025, Merck communicated an initial notification regarding a security incident at Graebel Companies, Inc., which provides employee relocation management services to Merck. The incident was detected by Graebel, which took immediate action to contain and restore its impacted systems. As part of their review, Graebel identified the customers affected by the breach and notified Merck on September 22, 2025, about the inclusion of personal data from some Merck employees.

Upon receiving this information, Merck undertook its own review, which led to the identification of current and former Merck employees whose personal data had been compromised. This investigation culminated in the discovery that certain personal data, including names and financial account information, had been exposed.

Despite the breach, Merck and Graebel have stated that there are no indications that any data has been misused. Nevertheless, Graebel is offering 24 months of complimentary credit monitoring and identity theft protection services through TransUnion. Individuals impacted by the breach are encouraged to remain vigilant and take steps to safeguard their data.

When Did This Breach Occur?

The breach was first detected by Graebel, and the company informed Merck on September 22, 2025, after identifying the affected data. Following a comprehensive internal review, Merck confirmed the breach and notified impacted individuals on October 20, 2025.

What Information Was Breached?

The breach at Graebel potentially exposed the following personal information of Merck employees:

  • Full name
  • Financial account information

While there are no signs of misuse, it’s important to stay vigilant for any suspicious activity that could be linked to this breach.

What You Can Do

If your personal information was involved in this breach, here are the steps you can take to protect yourself:

  1. Enroll in the Identity Theft Protection Services:
    Graebel is offering 24 months of free credit monitoring and identity theft protection through TransUnion. Sign up by following the instructions provided in the notification.
  2. Monitor Your Credit and Bank Accounts:
    Regularly check your credit reports for any unauthorized activity. Keep a close eye on your account statements and report any suspicious transactions to your financial institution immediately.
  3. Place a Fraud Alert or Security Freeze:
    Consider placing a fraud alert or a security freeze on your credit reports with the three major credit bureaus—Equifax, Experian, and TransUnion. This can prevent new credit accounts from being opened in your name.
  4. File a Police Report if Necessary:
    If you suspect any misuse of your information, you may need to file a police report and notify your financial institutions.

File a Data Breach Lawsuit Against Merck Sharp & Dohme

If you were notified by Merck about this data breach or believe your personal information was impacted, you may have the right to seek compensation through a class action lawsuit. Data breaches like this one expose individuals to risks of identity theft and financial loss, and companies responsible for the breach must be held accountable.

At Class Action U, we help individuals impacted by data breaches by connecting them with experienced lawyers who specialize in class action lawsuits. You could be entitled to compensation for any potential harm caused by this breach.

Contact us today for a free consultation and fill out our simple, secure form to see if you qualify to join a class action lawsuit against Graebel Companies, Inc. There is no obligation after speaking with our legal team.

VIEW PDF
Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Allied Wealth Partners Data Breach
Date of Breach: Not Specified
Advanced Corporate Solutions Data Breach
Date of Breach: Not Specified
Prosper Marketplace Data Breach
Date of Breach: December 10, 2025
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.