American event management firm Nth Degree has disclosed a significant data breach impacting nearly 40,000 individuals, following unauthorized access to its systems in December 2024. The incident, which affected a vendor responsible for organizing high-profile events for companies like Walmart, Microsoft, Dell, Volvo, and Mercedes-Benz, has raised concerns over identity theft and targeted fraud.
According to the breach notification submitted to the Maine Attorney General’s Office, attackers gained access to Nth Degree’s systems between December 12 and December 20, 2024. The company confirmed in its official statement that it immediately began an investigation, engaging external cybersecurity professionals to determine the scope and nature of the breach.
“We commenced a prompt and thorough investigation into the incident and worked very closely with external cybersecurity professionals experienced in handling these types of situations to help determine whether any personal or sensitive data had been accessed or acquired,” Nth Degree said.
Personal Data Exposed During the Week-Long Breach
Although Nth Degree did not publicly specify the data types in its disclosure, legal firm Markovits, Stock & DeMarco—well known for handling data breach litigation—stated that the compromised data includes:
- Full names
- Social Security numbers (SSNs)
These details can be exploited for identity theft, synthetic identity creation, or socially engineered phishing campaigns. While Nth Degree employs fewer than 500 full-time staff, the exposed records could also include event-specific contractors or client staff involved in events like CES, the RSA Conference, or the Super Bowl.
Corporate Event Providers Are Attractive Targets
With a client list that includes Fortune 100 brands and global enterprises, Nth Degree plays a critical backstage role in executing some of the world’s most public-facing events. As such, it handles not just logistical operations, but also sensitive data from temporary staff, client representatives, and potentially even VIP guests.
The breach demonstrates how third-party event managers have become a strategic entry point for cybercriminals targeting corporate ecosystems. Data stolen from these vendors can be used to impersonate individuals, execute credential fraud, or map relationships for more targeted attacks.
“Malicious actors use similar data for identity theft, often attempting to set up fraudulent accounts,” noted the legal firm tracking the case.
Despite this, Nth Degree maintains that it has not observed any confirmed misuse of the compromised information.
Remediation and Protection Measures in Place
While the company has found no evidence that the stolen data has been exploited for fraud or identity theft, Nth Degree is offering free credit monitoring and identity protection services to impacted individuals.
The Nth Degree Data Breach serves as a broader warning to enterprises relying on event vendors and third-party providers to review their cybersecurity posture and response readiness. Attackers continue to prioritize data-rich targets—especially those with access to multiple client organizations.
Enterprises are urged to examine their supply chain risk and implement resilient recovery infrastructure. In situations where threat actors lurk inside the network undetected for days—as was the case here—the ability to restore clean data becomes mission critical.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
