CheckPoint allegedly breached by hacker, company denies but exposes unreported breach

A hacker operating under the alias "CoreInjection" has claimed responsibility for breaching Israeli cybersecurity company CheckPoint, alleging access to sensitive internal data and network systems. 

The claims were published on Breach Forums on Sunday, March 30, 2025, with the hacker offering to sell the allegedly stolen data for 5 Bitcoin ($434,570), described as a "firm and non-negotiable" price payable only in cryptocurrency. According to the forum listing, the data allegedly offered for sale includes:

• Internal project documentation
• User credentials, both hashed and in plaintext
• Internal network maps and architecture diagrams
• Source code and compiled binaries of proprietary software
• Employee contact details, including phone numbers and email addresses

CheckPoint has issued a statement denying any recent breach of this scale. The company claims that the incident relates to an "old, known and very pinpointed event" that affected a limited number of organizations and did not impact any core systems. 

According to their statement: "This was handled months ago and didn't include the description detailed on the dark forum message. These organisations were updated and handled at that time, and this is not more than the regular recycling of old information."

The company has emphasized that there was no security threat to its customers, infrastructure, or internal operations, and clarified that the affected portal did not involve production environments or systems containing sensitive architecture.

Despite CheckPoint's reassurances, several questions remain unanswered:

1. If this was an old incident, why was it never publicly disclosed when it happened?
2. What was the precise nature and scope of the "pinpointed event" that CheckPoint acknowledges?
3. Has CheckPoint identified the method of breach or potential suspects?
4. What specific measures have been taken to ensure that the threat has been fully contained?

The incident comes at a time when cybersecurity vendors themselves are increasingly becoming targets for cybercriminals. The number of affected organizations and the value of potentially stolen data have not been disclosed.