Israeli cybersecurity firm Check Point has issued a response after a hacker claimed to have stolen valuable information from the company’s systems.
Over the weekend, a threat actor using the name CoreInjection announced in a BreachForums post that they were selling data allegedly stolen from Check Point for 5 Bitcoin (approximately $430,000).
The threat actor claimed the theft of a broad range of data from the security firm, including project documentation, credentials, network maps and architecture diagrams, source code, binaries, and employee contact details.
The threat actor included a series of screenshots in their listing, to prove their access to Check Point’s systems. According to a post from Hudson Rock co-founder and CTO Alon Gal, the screenshots appear genuine, especially since the hacker has a record of legitimate leaks.
Starting mid-March, CoreInjection announced the sale of data allegedly stolen from five companies, most of them in Israel, suggesting a focus on the country. The asking prices for the other four listings range between $30,000 and $100,000.
On Monday, Check Point responded to the hacker’s claims, saying that the data did not come from a fresh breach and that the threat actor is greatly exaggerating the importance of the exfiltrated information.
The hacker’s post, Check Point says, relates to an incident that occurred in December 2024, after credentials for a portal account were compromised. The account had limited access and the intrusion was addressed immediately, the company says.
“This event included 3 organizations’ tenants in a portal that does not include customers’ systems, production, or security architecture. The event did not include the description detailed in the post,” Check Point says.
The company explained that the incident resulted in the exposure of several account names with product names, a list of employee email addresses, and three customer accounts with contact names.
“The event was addressed immediately and thoroughly investigated. These organizations were updated and handled at the time, and this post is recycling this old, irrelevant information. As said, this does not include customers’ systems, production, or security architecture,” Check Point notes.
The company also said that its investigation determined that customers were not at risk following the data breach and that the incident had no security implications.
Related: TalkTalk Confirms Data Breach, Downplays Impact
Related: Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach
Related: PowerSchool Portal Compromised Months Before Massive Data Breach
Related: 18,000 Organizations Impacted by NTT Com Data Breach
