![Apple Shares Official Trailer for 'Fountain of Youth' Starring John Krasinski, Natalie Portman [Video]](https://www.iclarified.com/images/news/96902/96902/96902-1280.jpg)
![Apple is Still Working on Solid State iPhone Buttons [Rumor]](https://www.iclarified.com/images/news/96904/96904/96904-640.jpg)
![Nomad Goods Launches 15% Sitewide Sale for 48 Hours Only [Deal]](https://www.iclarified.com/images/news/96899/96899/96899-640.jpg)
![Google brings back the Pixel Weather map [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/09/Pixel-9-Pro-Fold-Pixel-Weather-app-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![Is this a suitable approach to architect a flutter app? [closed]](https://i.sstatic.net/4hMHGb1L.png)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
Check Point Acknowledges Data Breach, Claims Information is ‘Old
Check Point Software Technologies has confirmed a data breach following claims by threat actor CoreInjection on March 30th, 2025, but insists the incident is an “old, known and very pinpointed event” from December 2024 that had already been addressed. The cybersecurity giant released an official statement on March 31st through their support portal, downplaying the […] The post Check Point Acknowledges Data Breach, Claims Information is ‘Old appeared first on Cyber Security News.
Check Point Software Technologies has confirmed a data breach following claims by threat actor CoreInjection on March 30th, 2025, but insists the incident is an “old, known and very pinpointed event” from December 2024 that had already been addressed.
The cybersecurity giant released an official statement on March 31st through their support portal, downplaying the significance of the breach while security researchers raise questions about its true scope.
Breach Details and Company Response
According to Check Point’s security alert, the breach stemmed from “compromised credentials of a portal account with limited access” and affected “3 organizations’ tenants in a portal that does not include customers’ systems, production or security architecture.”
According to the firm, the exposed data consisted of a list of multiple account names with product names, three customer accounts with contact names, and the emails of certain Check Point employees.
“We believe that at no point was there a security risk to Check Point, its customers or employees,” the company stated in their response to Co-Founder & CTO at Hudson Rock Alon Gal.
Check Point emphasized that the breach did not match the description detailed in CoreInjection’s dark web forum post, calling it “recycling of old, irrelevant information.”
Alon Gal, who first publicized Check Point’s acknowledgment, highlighted several inconsistencies in the company’s explanation.
“The screenshot they confirm shows 121,120 accounts (18,864 paying), which is far more than ‘3 organizations,’ and suggests admin-level access (edit accounts, reset 2FA), which doesn’t align with their ‘limited access’ claim,” Gal noted in his LinkedIn update.
Further raising concerns, no public report or SEC filing from December 2024 regarding this breach has been identified, despite the Security and Exchange Commission’s requirements for such disclosures.
The breach comes amid heightened security concerns for Check Point products. In May 2024, the company warned about threat actors targeting Check Point Remote Access VPN devices with insecure password-only authentication.
Additionally, a serious vulnerability (CVE-2024-24919) discovered in May 2024 allowed attackers to read sensitive information on Check Point Security Gateways, including password hashes for local accounts.
This vulnerability received a high severity CVSS v3 score of 8.6 and was quickly added to the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog.
While Check Point maintains the breach is contained and poses “no risk to Check Point customers,” security experts continue to question how the attackers initially gained access, the true extent of compromised data, and why there appears to be no public disclosure from December 2024 when the breach allegedly occurred.
As Gal summarized: “The intrusion method remains unknown; they mention compromised credentials but don’t say how (phishing, reuse, etc.), which is concerning for a cybersecurity firm.”
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Check Point Acknowledges Data Breach, Claims Information is ‘Old appeared first on Cyber Security News.
