Checkmarx Investigating Cyberattack

UpGuard Team
March 24, 2026

Key facts: Checkmarx.com data breach

  • Date reported: March 24, 2026.
  • Unauthorized access identified: Not disclosed.
  • Target entity: Checkmarx.com (checkmarx.com).
  • Source of breach: TeamPCP (hacking collective).
  • Data types: API keys, secrets, and source code.
  • Status: Under investigation; reported on March 24, 2026.
  • Severity: High; the breach involves a supply chain attack targeting CI/CD pipelines and sensitive development assets.

What happened in the Checkmarx.com data breach?

On March 24, 2026, Checkmarx.com (checkmarx.com) announced it was investigating a security incident after the hacking collective TeamPCP claimed responsibility for a supply chain-focused attack. The incident targeted the company's GitHub Actions workflows by exploiting vulnerabilities in CI/CD pipeline configurations. This allowed the attackers to inject malicious code and potentially exfiltrate sensitive assets, including API keys and source code.

The severity of this breach is considered high due to the nature of the data involved and Checkmarx's role as a security testing provider. Compromised workflows could lead to downstream risks for enterprise customers. Checkmarx has stated it is currently rotating affected credentials and conducting a thorough investigation. While the full scope is not yet confirmed, such incidents typically lead to unauthorized access or further exploitation of interconnected development environments.

Who is behind the incident?

TeamPCP is the hacking collective that has claimed responsibility for the security attack against Checkmarx. The group used a supply chain-focused method, specifically targeting automated CI/CD pipelines to gain access to internal secrets and source code. While the group's specific origins or long-term history are not detailed in the report, their tactics include leaking samples of stolen data on dark web portals to pressure victims as part of extortion attempts. This approach is characteristic of threat actors seeking to demonstrate technical capability or achieve financial gain through high-profile corporate compromises.

Impact and risks for Checkmarx.com customers

For customers and partners of Checkmarx, this incident introduces several plausible risks. The exposure of API keys and source code could allow unauthorized parties to identify further vulnerabilities or gain access to integrated development environments. There is also a risk of credential abuse or targeted phishing attempts against users associated with the platform. Enterprise clients should be particularly vigilant regarding the integrity of their own software supply chains, as the attackers reportedly attempted to inject malicious code into automated workflows.

Typical outcomes for breaches of this nature include service disruptions and the need for comprehensive security audits. Impacted organizations should immediately audit their own pipeline permissions and rotate any secrets shared with the vendor. Maintaining transparency throughout the investigation process is essential for helping stakeholders manage their individual risk levels.

How to protect against similar security incidents

In light of the exposure of API keys and source code at Checkmarx, users and enterprise partners should take immediate steps to secure their development environments and credentials.

  • Rotate secrets and API keys. Immediately invalidate and replace any API keys, tokens, or credentials shared with or stored within Checkmarx services. Ensure that new credentials follow strong entropy standards and are stored in secure vault environments.
  • Audit CI/CD configurations. Review GitHub Actions and other automated pipeline settings for misconfigurations. Apply the principle of least privilege to all automated workflows to limit the potential impact of a compromised pipeline.
  • Implement continuous monitoring. Use attack surface management tools to monitor for unauthorized changes in your software supply chain. Set up alerts for any unusual activity involving internal source code repositories or credential usage.

Proactive credential management and rigorous pipeline security are essential for mitigating the risks associated with supply chain attacks.
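As a starting point for the "Audit CI/CD configurations" step above, the following added example (not code from this article, Checkmarx, or UpGuard) scans GitHub Actions workflow text for a few widely recommended least-privilege checks. The article does not say which misconfigurations were involved in this incident, so the checks, the function name `audit_workflow`, and the sample workflow are assumptions chosen for illustration.

```python
import re

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: build
on:
  pull_request_target:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@main
      - uses: example-org/pinned-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - run: make test
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag or branch

def audit_workflow(text):
    """Return (line_number, finding) tuples for one workflow file's text."""
    findings = []
    lines = text.splitlines()
    # Without any `permissions:` key the job token gets the repository default scope.
    if not any(re.match(r"^\s*permissions:", l) for l in lines):
        findings.append((0, "no explicit permissions block"))
    for n, line in enumerate(lines, 1):
        if re.match(r"^\s*permissions:\s*write-all\b", line):
            findings.append((n, "permissions: write-all"))
        # This trigger runs with repository secrets available; review what it checks out.
        if re.search(r"\bpull_request_target\b", line) and not line.lstrip().startswith("#"):
            findings.append((n, "pull_request_target trigger"))
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):
                continue  # local actions and container images are out of scope here
            if not SHA_RE.search(ref):
                findings.append((n, f"action not pinned to commit SHA: {ref}"))
    return findings

if __name__ == "__main__":
    for n, finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {n}: {finding}")
```

The scan is line-based and does not parse YAML, so treat its output as a review queue rather than a verdict; line 0 denotes a file-level finding.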

Frequently asked questions

What happened in the Checkmarx.com security breach?

TeamPCP claimed responsibility for a security attack on Checkmarx.com (checkmarx.com) in March 2026. The incident was first reported on March 24, 2026.

When did the Checkmarx.com breach occur?

The Checkmarx.com breach was publicly reported on March 24, 2026. TeamPCP referenced the incident around that time, but the attack may have occurred earlier.

What data was exposed?

The data involved in the Checkmarx.com incident includes API keys, secrets, and source code. TeamPCP has reportedly leaked samples of this data on their dark web portal.

Is my personal information at risk?

If you interacted with Checkmarx.com, there's a possibility your personal information or development secrets could be affected. Stay alert for updates and take precautionary measures to secure your accounts and API integrations.

How can I protect myself after a data breach?

• Rotate all API keys and secrets
• Enable multi-factor authentication (MFA)
• Monitor GitHub Actions for unauthorized changes
• Watch for phishing attempts
• Use breach monitoring tools

What steps should companies take after being breached?

Checkmarx is currently investigating the claims, rotating affected credentials, and reviewing its CI/CD pipeline configurations to prevent further unauthorized access and protect its customers.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is Checkmarx?

Checkmarx provides application security testing and monitoring solutions that scan source code, open-source components, APIs, and cloud infrastructure for vulnerabilities. The company's platform combines static application security testing (SAST), software composition analysis (SCA), and application security posture management (ASPM) with AI-powered remediation guidance integrated into development environments.