December data breach at Nth degree affects 40,000 people

Nth Degree Investment Group said the data security incident it suffered in December compromised the sensitive personal information of approximately 40,000 individuals.

 

Headquartered in Duluth, Georgia, Nth Degree is an investment company that focuses on acquiring and growing other businesses, particularly in the event and experiential marketing industry. 

 

In a data security incident notice filed with the Office of Maine Attorney General, Nth Degree said that on March 24, it discovered suspicious activity within its internal network. The investment company launched an investigation with external cybersecurity experts, contained the incident, secured its systems, and notified relevant law enforcement authorities about the same.

 

“After an extensive forensic investigation and manual document review, we discovered on March 24, 2025 that your personal information may have been accessed or acquired by an unauthorised party between on or around December 12, 2024 to on or around December 20, 2024,” reads the notice.

 

The compromised data included names and other personal identifiers including Social Security Numbers. In its initial filing, Nth Degree reported 25,730 individuals were affected by the incident. However, a subsequent filing on June 25 with the Maine state regulator revised that number to at least 39,169.

 

“We are committed to maintaining the privacy and security of the personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information and will continue to do so following this incident,” Nth Degree added.

 

While the investment company found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Nth Degree. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.