Synopsys and Inc.: Synopsys Data Breach Lawsuit Investigation

Synopsys Data Breach Exposes Sensitive Personal and Corporate Data in Ransomware Attack

Synopsys, Inc., a leading provider of electronic design automation (EDA), semiconductor intellectual property, and software security solutions based in Sunnyvale, California, suffered a significant data breach following a ransomware attack. The incident, claimed by the cybercriminal group Arkana Security on June 6, 2025, involved the theft of sensitive corporate and personal data, which the attackers threatened to publish on the dark web.

The breach was officially disclosed to the Massachusetts Attorney General on April 2, 2026, with at least four individuals in the state confirmed as affected. Exposed data includes a wide range of highly sensitive information, such as:

• Personal identification: Driver’s licenses, government ID numbers, Social Security numbers, dates of birth, and full names
• Financial data: Bank account numbers, financial account details, and other financial records
• Medical information: Health insurance details and medical records
• Corporate data: Contracts, billing receipts, EDA files, research, intellectual property, and employee records

The law firm Shamis & Gentile P.A. is investigating potential legal claims on behalf of affected individuals, citing possible compensation for damages related to identity theft, financial losses, and the time spent mitigating the breach’s impact. The incident underscores the growing threat of ransomware attacks targeting both personal and proprietary corporate data.

Source: https://www.claimdepot.com/investigations/synopsys-data-breach-2026

Synopsys Inc cybersecurity rating report: https://www.rankiteo.com/company/synopsys

"id": "SYN1775162306",
"linkid": "synopsys",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'At least four individuals in '
                                              'Massachusetts',
                        'industry': 'Electronic Design Automation (EDA), '
                                    'Semiconductor Intellectual Property, '
                                    'Software Security',
                        'location': 'Sunnyvale, California',
                        'name': 'Synopsys, Inc.',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Driver’s licenses',
                                              'Government ID numbers',
                                              'Social Security numbers',
                                              'Dates of birth',
                                              'Full names',
                                              'Bank account numbers',
                                              'Financial account details',
                                              'Health insurance details',
                                              'Medical records',
                                              'Contracts',
                                              'Billing receipts',
                                              'EDA files',
                                              'Research',
                                              'Intellectual property',
                                              'Employee records']},
 'date_publicly_disclosed': '2026-04-02',
 'description': 'Synopsys, Inc., a leading provider of electronic design '
                'automation (EDA), semiconductor intellectual property, and '
                'software security solutions based in Sunnyvale, California, '
                'suffered a significant data breach following a ransomware '
                'attack. The incident, claimed by the cybercriminal group '
                '*Arkana Security* on June 6, 2025, involved the theft of '
                'sensitive corporate and personal data, which the attackers '
                'threatened to publish on the dark web. The breach was '
                'officially disclosed to the Massachusetts Attorney General on '
                'April 2, 2026, with at least four individuals in the state '
                'confirmed as affected.',
 'impact': {'data_compromised': 'Sensitive personal and corporate data',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential legal claims for identity theft, '
                                 'financial losses, and mitigation efforts',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened to publish on '
                                                    'dark web'},
 'investigation_status': 'Ongoing (legal investigation by Shamis & Gentile '
                         'P.A.)',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'source': 'Massachusetts Attorney General'}],
 'regulatory_compliance': {'legal_actions': 'Potential legal claims being '
                                            'investigated',
                           'regulatory_notifications': 'Disclosed to '
                                                       'Massachusetts Attorney '
                                                       'General'},
 'response': {'third_party_assistance': 'Shamis & Gentile P.A. (law firm '
                                        'investigating potential legal '
                                        'claims)'},
 'threat_actor': 'Arkana Security',
 'title': 'Synopsys Data Breach Exposes Sensitive Personal and Corporate Data '
          'in Ransomware Attack',
 'type': 'Ransomware'}