Crunchyroll, the Sony-owned anime streaming platform, has reportedly suffered a big data breach. This comes after the report claims that the threat actors have extracted nearly 100GB of sensitive user information. This breach is said to have taken place on March 12, 2026. However, the company has not confirmed the breach yet.
The alleged attack is said to have originated via a compromised employee account at Telus, a third-party outsourcing partner that provides business process services. The report also suggests that malware executed on the employee’s system allowed the attacker to gain initial access, which was then used to move all over internal systems that were linked to Crunchyroll’s operations, including customer support and ticketing tools.
The report further added that cybersecurity researchers who reviewed a sample of leaked data claim that it has sensitive information such as IP addresses, email IDs, credit card details and customer analytics data. If confirmed, this can expose affected users to risks including identity theft, financial fraud and targeted phishing attacks.
The attackers have also maintained access to the system for less than 24 hours before being detected and removed. However, the scale of the data extraction shows that the operation may have been carefully planned and executed within a short window.
Not only this, there have been multiple security concerns involving Telus Digital, where threat actors have previously claimed to target multiple companies relying on outsourced services for customer support and backend operations. The reports stated that such vendors often become targets due to their access to multiple client systems.
So far, Crunchyroll has not issued an official statement or notified users about the breach. We have reached out to Crunchyroll and will update the story once we get the update.
