Security firm Check Point confirms data breach, but says users have nothing to worry about

A file and folder transferring data with a red warning mark indicating malware.
(Image credit: Shutterstock)

  • A hacker claims to be selling data stolen from Check Point
  • Security firm says data is from an old breach that has been dealt with
  • But some security experts aren't convinced by this explanation

A hacker is claiming to have stolen a “highly sensitive” dataset from Check Point - but the company is looking to play down any concerns users might have.

The cybercriminal, going by the name of CoreInjection, posted about the dataset of compromised Check Point files on a cybercrime forum - and alleges that the information contains user credentials, employee contract information, and internal network maps, among other things.

A spokesperson from Check Point told TechRadar Pro that they “really wouldn’t call it a breach”, and added that this was “one account with limited access on a portal”. The firm’s statement assures that this is an “old, known and very pinpointed event,” that only involved a few organizations, and “ does not include customers’ systems , production or security architecture.”

Monitor your credit score with TransUnion starting at $29.95/month

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

“If this is completely fake, I’d be surprised”

However, concerns have been raised in the cybersecurity industry, with Hudson Rock CTO, Alon Gal saying that there is a “high certainty” that Check Point has been hacked, with a threat actor appearing to have “gained access to an administrator account with serious privileges.”

Whilst the researcher argues he would be surprised, he also explains that the breach is “not yet officially confirmed”.

In Check Point’s official response, it confirmed a breach did occur, but that this was a long time ago, and that the hacker is just recycling old information which “falsely implies exaggerated claims which never happened.”

“This was handled months ago, and didn’t include the description detailed on this message. These organisations were updated and handled at that time, and this is not more than the regular recycling of old information. We believe that at no point was there a security risk to Check Point , its customers or employees,” the spokesperson told us.

In 2024, Check Point VPN software was targeted by hackers in order to gain access to corporate networks, although these attempts were largely unsuccessful, and Check Point outlined a simple and easy fix.

Via The Register

You might also like

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.