Crunchyroll Suffers Major Data Breach: 100 GB of PII Exfiltrated
A threat actor claims to have stolen approximately 100 GB of personally identifiable information (PII) from Crunchyroll, the Sony-owned anime streaming platform, following a breach on March 12, 2026. The attack reportedly originated from a compromised employee account at Telus, Crunchyroll’s outsourcing partner, which provided the attacker with initial access to the company’s internal systems.
Once inside, the threat actor conducted lateral movement, infiltrating sensitive customer-facing infrastructure, including Crunchyroll’s ticketing systems. As of this report, Crunchyroll has not publicly confirmed the breach, leaving the full scope and impact of the incident unclear. The exfiltrated data’s nature and potential exposure of user details remain unconfirmed.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7441691585588912128
Crunchyroll cybersecurity rating report: https://www.rankiteo.com/company/crunchyroll
TELUS cybersecurity rating report: https://www.rankiteo.com/company/telus
"id": "CRUTEL1774239823",
"linkid": "crunchyroll, telus",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Streaming/Entertainment',
'name': 'Crunchyroll',
'type': 'Company'}],
'attack_vector': 'Compromised Employee Account',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2026-03-12',
'description': 'A threat actor claims to have stolen approximately 100 GB of '
'personally identifiable information (PII) from Crunchyroll, '
'the Sony-owned anime streaming platform, following a breach '
'on March 12, 2026. The attack reportedly originated from a '
'compromised employee account at Telus, Crunchyroll’s '
'outsourcing partner, which provided the attacker with initial '
'access to the company’s internal systems. Once inside, the '
'threat actor conducted lateral movement, infiltrating '
'sensitive customer-facing infrastructure, including '
'Crunchyroll’s ticketing systems. As of this report, '
'Crunchyroll has not publicly confirmed the breach, leaving '
'the full scope and impact of the incident unclear.',
'impact': {'data_compromised': '100 GB of PII',
'systems_affected': ['Ticketing systems', 'Internal systems']},
'initial_access_broker': {'entry_point': 'Compromised employee account at '
'Telus (outsourcing partner)'},
'title': 'Crunchyroll Suffers Major Data Breach: 100 GB of PII Exfiltrated',
'type': 'Data Breach'}