Data Security , Phishing , Threat Intelligence BlackFile hackers target retail, hospitality with vishing and data extortion April 27, 2026 Share By SC Staff (Adobe Stock) A financially motivated hacking group known as BlackFile has been actively targeting retail and hospitality organizations since February 2026, Palo Alto Networks' Unit 42 reports. The group employs sophisticated social engineering tactics, impersonating IT helpdesk staff to steal employee credentials and extort seven-figure ransoms. This wave of attacks, also tracked under aliases such as UNC6671 and Cordial Spider, highlights a growing threat to sensitive corporate data, with further coverage provided by Bleeping Computer. BlackFile initiates attacks through voice phishing (vishing) calls, using spoofed numbers to impersonate IT support. Employees are lured to fake login pages where their credentials and one-time passcodes are captured. The attackers then use these stolen credentials to register their own devices, bypassing multi-factor authentication and escalating access to executive accounts. Data is exfiltrated from Salesforce and SharePoint servers, with a focus on files containing terms like "confidential" and "SSN." The stolen data is published on a dark web leak site before ransom demands are issued. In some instances, victims have also faced swatting attempts, where false emergency calls are made to pressure them. Organizations are advised to strengthen call-handling policies, enforce multi-factor authentication rigorously, and conduct regular social engineering training for staff to mitigate these risks. Source: Bleeping Computer SC Staff Related Data Security ADT confirms data breach after ShinyHunters threatens data leak SC Staff April 27, 2026 The breach affected customer and prospective customer data, including names, phone numbers, and addresses. Data Security Controlling AI at machine speed: Detecting risk, protecting systems, and reversing mistakes Paul Wagenseil April 24, 2026 Managing the behavior of AI agents requires a data-centric, continuous, and adaptive new approach to security. Data Security Further Vercel customer data compromise confirmed SC Staff April 24, 2026 TechCrunch reports that Vercel has disclosed that unencrypted customer information had been compromised prior to this month's breach that affected its internal systems. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Backdoor Bit Black Hat Botnet Brute Force Checksum Cipher Information Warfare Reconnaissance You can skip this ad in 5 seconds