Ransomware Gang Claims Bosch and Synopsys Hacks. Synopsys Says It Sees Nothing.

A criminal group called D1R says it stole sensitive data from two major companies and will publish it unless it gets paid. One of those companies is pushing back.

ThreatVectr Newsdesk· 3 min read
Full-frame edge-to-edge overhead photoreal shot of a cluttered office desk at night, glowing keyboard, several browser windows reflected on a dark monitor, a ha
Share

Key points

  • A criminal group called D1R claimed in 2025 to have stolen data from Bosch, the German industrial giant, and Synopsys, a US semiconductor software company.
  • D1R is threatening to publish the stolen data publicly unless both companies pay a ransom.
  • Synopsys, as of its most recent statement, says its investigation has found no evidence that any of its data was taken.
  • Bosch has not publicly confirmed or denied the breach claim at the time of writing.
  • Customers and partners of both companies should watch for suspicious contact that uses their personal or business details.

A criminal group calling itself D1R surfaced recently with a blunt threat: pay up, or we leak your data. The group claims it broke into the systems of two well-known companies and walked out with valuable files.

The two named targets are Bosch, the German engineering and consumer-goods company most people recognise from power tools and car parts, and Synopsys, an American firm whose software helps engineers design the chips that go inside phones, cars, and computers.

D1R is operating what security researchers call a ransomware extortion scheme, meaning the criminals steal data first and then threaten to release it unless a payment arrives. No files are necessarily locked. The leverage is embarrassment and regulatory exposure.

Should customers be worried?

For ordinary people, the immediate risk is indirect. If personal or business data tied to Bosch or Synopsys products, warranties, or partner accounts was stored in the affected systems, that information could surface in criminal marketplaces.

Synopsys says, clearly, that it has found no evidence a breach actually happened on its side. That matters. Companies have every incentive to investigate fast when a group like this posts claims publicly, because regulators and customers start asking questions within hours. A clean internal audit result is not nothing.

Bosch has not made a comparable public statement. That silence is worth watching.

The failure mode here is familiar. A criminal group posts a claim. One target goes quiet. The other issues a careful denial that is technically accurate but leaves wiggle room. SecurityWeek reported the initial claims, and the story is still developing.

In practice, D1R's playbook does not require a full network intrusion. Sometimes groups like this steal data from a third-party supplier, a cloud storage bucket, meaning an online file storage area that was left open to the public by accident, or a misconfigured software-as-a-service account that sits on the edge of a company's network rather than deep inside it. The original source of the data matters enormously, and neither company has confirmed that yet.

One thing the post-mortem will say, if a real breach happened: access controls on external-facing storage were not tight enough.

If you have a Bosch account, a warranty registration, or any business relationship with either company, keep an eye out for emails or calls that reference your specific account details. That kind of targeted contact, using real data to seem trustworthy, is the practical downstream risk.

Do not pay attention to generic warnings. Pay attention to contact that already knows something about you.

© 2026 Threat Vectr