The group posted what it claimed was Bosch CAN module implementation code on its leak site, saying it was releasing it "for free for every engineer and car enthusiast" .
Synopsys publicly stated that its investigation found no evidence of unauthorized access to its systems or any customer technical data . Key details from multiple cybersecurity news outlets:
The situation is complicated by the fact that Synopsys had a separate, real data breach in early 2026 (disclosed to Massachusetts regulators in April 2026) involving exposed Social Security numbers and medical information — but that was a different incident and is not connected to D1R's July claims .
Bosch did not issue a detailed public denial. According to dark web monitoring sources, the company was given 11 days to make contact and negotiate . Security reporting indicates Bosch was investigating the claims but had not confirmed any direct intrusion into its own systems
. As of the most recent reporting (July 14-15, 2026), no major data leak of Bosch intellectual property had been independently verified
.
Arm was listed as a victim, but D1R's specific claims regarding Arm received less independent verification compared to the Bosch allegations .
Synopsys firmly denies the breach and has found no evidence to support D1R's claims. Bosch is still assessing. Independent analysts have cast significant doubt on D1R's credibility, but the situation remains open as of July 15, 2026.