Manager on Call Data Breach Exposes Social Security Numbers

Human resources consulting firm, Manager on Call LLC, disclosed a data breach that resulted in the unauthorized exposure of employee W-2 tax data. The breach was caused by an email phishing attack that targeted the company's staff operations team.

The breach was disclosed to the New Hampshire and South Carolina attorneys general on May 29, 2026. According to those filings, four New Hampshire residents and one South Carolina resident were identified as affected.

Manager on Call discovered the breach on May 28, 2026, and began notifying affected individuals the same day, according to the company's notification.

The breach resulted from an email phishing scam that used a technique known as display name spoofing, according to the company's notification to affected individuals. In this type of attack, a threat actor sends an email that appears to come from a trusted person within an organization, even though it actually originates from an outside source.

In this case, the threat actor impersonated the identity of Cristina Heta, the CEO of Manager on Call. The impersonator sent what appeared to be an urgent request directly to the company's staff operations team. Believing the directive was a legitimate instruction from the CEO, company contractors bypassed the organization's secured data transfer process and emailed W-2 files in response to the fraudulent request.

Manager on Call described the incident as "an isolated email social engineering event" and stated that its "internal mail servers and databases containing client information are entirely secure," according to its notification. This means the broader systems used by the company to store client data were not compromised in the attack.

The W-2 files that were exposed contained several types of sensitive personal information. These included full names, home addresses, calendar year 2025 wages and Social Security numbers. Because W-2 forms contain both financial and identity information, this type of exposure can put affected individuals at heightened risk for tax fraud and identity theft.

Manager on Call's response

Manager on Call is providing complimentary credit monitoring and identity theft restoration services through Experian to all affected individuals. According to the company's notification, affected individuals will receive a second email within 48 hours of the initial notification. That email will contain a unique activation link and code needed to enroll in the credit monitoring service.

Affected individuals who have questions about the breach can contact CEO Cristina Heta directly by email at cristinaheta@manageroncall.net. They can also reach the company by leaving a voicemail at 888-777-8615 or by emailing hr@manageroncall.net. Privacy-related questions can be sent to info@manageroncall.net.