Check Point Acknowledges Data Breach, States Information is ‘Outdated’ – Cyber Security News

Check Point Software Technologies recently acknowledged a data breach, following claims made by a threat actor known as CoreInjection on March 30th, 2025. However, the company stated that the incident was an “old, known, and very pinpointed event” that occurred back in December 2024 and had already been dealt with effectively.

In an official statement released on March 31st through their support portal, Check Point downplayed the significance of the breach, even as security researchers began questioning the true extent of the incident.

The breach was traced back to compromised credentials of a portal account with limited access, affecting the tenants of three organizations in a portal that did not include customer systems, production, or security architecture. The exposed data reportedly included a list of multiple account names with product names, three customer accounts with contact names, and the emails of specific Check Point employees.

Although Check Point claimed there was no security risk to the company, its customers, or employees, industry experts raised concerns, among them Alon Gal, Co-Founder & CTO at Hudson Rock. In a LinkedIn update, Gal pointed out inconsistencies in Check Point’s explanation, noting that the number of accounts shown in the screenshot released by Check Point far exceeded the three organizations reported as affected, suggesting possible admin-level access that contradicted the company’s claims of limited access.

Adding to the skepticism, there have been no public reports or SEC filings from December 2024 related to the breach, even though it allegedly occurred then. This lack of transparency has raised further questions about how the attackers gained initial access, the full scope of the compromised data, and the company’s handling of the situation.

Notably, this breach comes at a time when Check Point products have faced increased security concerns. In May 2024, the company warned of threat actors targeting Check Point Remote Access VPN devices due to insecure password-only authentication. Furthermore, a critical vulnerability (CVE-2024-24919) discovered in May 2024 allowed attackers to access sensitive information on Check Point Security Gateways, including password hashes for local accounts.

Despite Check Point’s assurance that the breach is contained and poses no risk to its customers, security experts continue to probe into the incident. The method of intrusion remains unknown, with questions looming over whether compromised credentials were obtained through phishing, reuse, or other means—an unsettling prospect for a cybersecurity firm.

As the situation unfolds, industry observers are closely monitoring the aftermath of the breach, emphasizing the importance of transparent communication and accountability in addressing cybersecurity incidents of this nature.