Synopsys Data Breach Exposes SSNs, Medical Info, and More

Synopsys Inc., a major computer software company based in Sunnyvale, California, has disclosed a data breach that exposed sensitive personal and medical information for at least four Massachusetts residents. The total number of people affected across the United States has not been disclosed.

The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation in a filing dated April 2, 2026. Consumer notifications are being sent to affected individuals.

What happened in the Synopsys data breach

On June 6, 2025, a ransomware group called Arkana Security posted a claim on the Tor dark web network saying it had obtained data from Synopsys. The group claimed to have accessed contracts, billing receipts, documents, EDA files, research, intellectual property and employee information, threatening to publish the stolen data within four to five days.

The company did not include specific dates for when the breach occurred or when it was first discovered. The dark web claim by Arkana Security appeared roughly 10 months before Synopsys disclosed the breach to regulators.

The types of information exposed varied by individual. Affected data may have included first and last name, Social Security number, driver's license number or other government identification number, date of birth, address, email address, bank account number or other financial information, and medical or health insurance information.

Synopsys' response to the breach

Synopsys is offering free credit monitoring, identity theft detection and resolution services through Equifax Credit Watch Gold. Key features of this service include credit monitoring with email alerts about key changes to an Equifax credit report, daily access to the Equifax credit report and WebScan notifications.

The service also includes automatic fraud alerts, which encourage potential lenders to take extra steps to verify a person's identity before extending credit. Affected individuals will have access to identity restoration assistance from a dedicated specialist if they become victims of identity theft. The program includes up to $1,000,000 in identity theft insurance coverage for certain out-of-pocket expenses.

To enroll, affected individuals should visit www.equifax.com/activate and enter the unique activation code included in their notification letter. They will then need to complete a registration form, create an account and verify their identity.

The enrollment deadline is Aug. 31, 2026.

The company has set up a dedicated phone line at 1-844-558-4664 for anyone with questions or concerns about the breach.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze on credit files at Equifax (1-888-836-6351), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to help prevent unauthorized accounts from being opened.
• Review credit reports for unfamiliar activity by requesting free copies at AnnualCreditReport.com and checking for accounts or inquiries that are not recognized.
• Monitor bank and financial accounts closely because bank account numbers and other financial details may have been exposed in this breach.
• Watch for phishing attempts that reference Synopsys or this data breach by name, as scammers may try to use the situation to trick people into sharing more personal information.
• Check medical and insurance statements for services or claims that were not authorized, since medical and health insurance information was among the exposed data types.
• Review driver's license and government ID records with the relevant state agency to check whether exposed identification numbers have been misused.