[ungreased0675]

It sounds like your systems are compromised somewhere. What does your cybersecurity program look like?

[jenthoven]

(I thought) We had a secure approach (in terms of guarded 2FA credentials, no credential sharing, security training, etc), but this has me concerned. The only place we store phone numbers of employees is in Gusto, to my knowledge, plus my personal Contacts and whoever that employee has shared their contact with personally.

I'm also unsure how concerned to be about this...

[Terr_]

Perhaps it's from the other end, and the employee's phone number and employment-info is insufficiently-private on social media?

Some scam-bot could be set to notice notice when people change jobs, use the company name to look up names of CEOs etc, and then fire off messages.