Crunchyroll Data Breach: 100 GB User Data Exposed and the Supply Chain Risks

Crunchyroll Data Breach Exposes 100 GB of Customer PII via Outsourcing Partner Attack

🔍 What Happened: Crunchyroll Data Breach

The Crunchyroll data breach is a significant security incident in which a threat actor claims to have stolen 100 GB of user data from the popular anime streaming service. The attacker reportedly gained access by using malware to compromise an employee at Telus, Crunchyroll’s outsourcing partner. From there, the attacker moved into Crunchyroll’s internal systems, including ticketing and analytics environments, and exfiltrated large amounts of sensitive customer information.

The breach allegedly took place on March 12, 2026, and, as of now, Crunchyroll has not publicly acknowledged the incident. Data samples reviewed by security outlets confirm that the stolen information includes personally identifiable information (PII) such as:

  • Email addresses
  • IP addresses
  • Credit card details
  • Customer analytics data

This incident highlights the growing danger of supply chain attacks, where adversaries target service partners to access valuable data.

⚠️ Why It Matters: Supply Chain and Third-Party Risks

The Crunchyroll data breach underscores the critical risks associated with third-party vendors and the supply chain. Business process outsourcing (BPO) providers like Telus manage crucial customer-facing systems across multiple companies, making them attractive targets for cybercriminals.

The scale of this attack—100 GB of exfiltrated data—raises major concerns around:

  • Identity theft and fraud
  • Phishing and social engineering risks for affected users
  • Financial exposure due to leaked payment information

Additionally, the lack of public communication from Crunchyroll about the breach raises questions about incident response transparency and regulatory compliance responsibilities. The incident also follows earlier privacy concerns for the company, highlighting the need for stronger data protection measures.

✅ What To Do: Strengthening Vendor and Supply Chain Security

To reduce the risks of incidents like the Crunchyroll data breach, organisations should focus on robust supply chain security and third-party risk management. Recommended steps include:

  • Regularly audit and restrict vendor access to sensitive systems
  • Implement advanced monitoring and alerts for third-party activity
  • Establish clear incident response and breach notification procedures
  • Train staff and partners to identify and prevent malware and phishing attacks

Proactive vendor management and transparent communication are essential for protecting sensitive data in today’s interconnected digital landscape.
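As an added illustration of the first two steps (this is example code written for this bulletin, not anything taken from Crunchyroll or Telus), the sketch below checks vendor sessions against a per-account allow-list and flags days where an account's outbound volume far exceeds its own history. The log format, account names, allow-list and thresholds are all assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict

# Constructed sample records (not from the incident), one session per line:
# "date account org system bytes_out"
SAMPLE_LOG = """\
2026-01-05 agent17 vendor ticketing 4200000
2026-01-06 agent17 vendor ticketing 3900000
2026-01-07 agent17 vendor ticketing 4500000
2026-01-08 agent17 vendor analytics 1800000000
2026-01-08 agent17 vendor ticketing 4100000
2026-01-08 agent22 vendor billing-db 120000
2026-01-08 jsmith staff analytics 2500000000
"""

# Hypothetical policy: the systems each vendor account is approved to reach.
VENDOR_ALLOWED = {"agent17": {"ticketing", "analytics"}, "agent22": {"ticketing"}}
SPIKE_FACTOR = 10      # alert when a day exceeds 10x the account's prior daily mean
MIN_BASELINE_DAYS = 3  # history required before volume alerts fire

def vendor_alerts(log):
    """Return sorted (date, account, reason, detail) alerts for vendor accounts."""
    alerts = []
    daily = defaultdict(lambda: defaultdict(int))  # account -> date -> bytes out
    for line in filter(str.strip, log.splitlines()):
        date, account, org, system, size = line.split()
        if org != "vendor":
            continue  # this check covers third-party identities only
        # Default deny: an account with no allow-list entry is always out of scope.
        if system not in VENDOR_ALLOWED.get(account, set()):
            alerts.append((date, account, "out-of-scope", system))
        daily[account][date] += int(size)
    for account, days in daily.items():
        dates = sorted(days)
        for i, date in enumerate(dates):
            history = [days[d] for d in dates[:i]]
            if len(history) < MIN_BASELINE_DAYS:
                continue  # not enough history to judge volume yet
            baseline = sum(history) / len(history)
            if days[date] > SPIKE_FACTOR * baseline:
                alerts.append((date, account, "volume-spike", days[date]))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in vendor_alerts(SAMPLE_LOG):
        print(alert)
```

Note that the vendor account in the sample is approved for the analytics system, so only the volume check catches its bulk export; the allow-list alone would not.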

Originally reported by Cyber Security News.

Category: Data Breaches
Published: Mar 23 - 2026