Crunchyroll Data Breach Lawsuits: What Users Need to Know Now

Millions of Crunchyroll users are affected by a data breach. The lawsuits claim sensitive data like emails and partial payment details were exposed.
By Newsroom | Technology, Entertainment |

Crunchyroll, the popular anime streaming service, is entangled in multiple class-action lawsuits following a significant data breach that appears to have compromised the personal details of millions of its users. The legal challenges, filed in California federal courts, stem from allegations that the company failed to adequately safeguard user information, which was reportedly accessed through a third-party vendor.

Crunchyroll slammed with lawsuit as millions of users left exposed in data breach - 1

The breach exposed sensitive data including email addresses, usernames, IP addresses, approximate location data, user support communications, and in some instances, partial credit card details (such as the last four digits or expiration dates). A smaller number of users had full credit card numbers exposed when these were included in support tickets. The full extent of the data theft is still under scrutiny, with reports from threat actors claiming the exfiltration of 100 GB of user data from Crunchyroll’s customer analytics and ticketing systems.

Read More: iQIYI uses AI for content due to money problems

Crunchyroll slammed with lawsuit as millions of users left exposed in data breach - 2

The lawsuits accuse Crunchyroll of negligence, citing a failure to implement essential security measures. Specifically, plaintiffs point to alleged deficiencies in data encryption, real-time threat monitoring, and timely breach notifications. One lawsuit, filed by plaintiff Max Agress, points to a Telus employee executing software that inadvertently granted criminals unauthorized access. Another, filed by Emilia Enfield, echoes these claims of insufficient safeguards.

The incident is reported to have occurred around March 12, 2026, with notifications to customers allegedly delayed until March 23, eleven days after the third-party vendor, Telus Digital, confirmed the breach. Crunchyroll has issued a statement acknowledging awareness of the claims and stating they are working with cybersecurity experts to investigate.

Adding to the legal pressure, a separate class-action lawsuit was filed on March 5, 2026, alleging that Crunchyroll knowingly shared subscriber viewing data with a third-party marketing company, Braze, without user consent, in violation of the Video Privacy Protection Act (VPPA). It remains unclear if this VPPA lawsuit is directly linked to the recent data breach or represents a separate privacy concern.

Read More: Pragmata Game Sells 1 Million Copies in 2 Days

Frequently Asked Questions

Q: What happened to Crunchyroll users' data?
Crunchyroll is facing lawsuits because a data breach exposed personal details like email addresses, usernames, and IP addresses. Some users also had partial credit card information compromised.
Q: Who is suing Crunchyroll and why?
Users are filing class-action lawsuits in California federal courts. They claim Crunchyroll did not protect their data well enough, especially through a third-party vendor called Telus Digital.
Q: When did the data breach happen and when were users told?
The breach likely happened around March 12, 2026. Users were notified around March 23, 2026, which is 11 days after the vendor confirmed the issue.
Q: What kind of data was exposed in the breach?
Exposed data includes email addresses, usernames, IP addresses, approximate locations, and user support messages. A small number of users had partial credit card details exposed.
Q: Are there other legal issues for Crunchyroll?
Yes, a separate lawsuit filed on March 5, 2026, claims Crunchyroll shared viewing data with a marketing company without permission, which might be a separate privacy violation.