Report claims Crunchyroll data may have been accessed in alleged third-party breach [U: Official statement]

Update 24/03/26 – 10:22 am (IST): Crunchyroll has now confirmed to BleepingComputer that it is investigating the incident and says it is working with cybersecurity experts to review the claims. In its latest statement, the company said it currently believes the exposed information is mainly limited to customer service ticket data tied to an incident involving a third-party vendor, and added that it has not found evidence of ongoing access to its systems.

The statement follows claims from a threat actor who told BleepingComputer they breached Crunchyroll on March 12 by accessing the Okta SSO account of a support agent allegedly linked to Telus International.

The attacker claimed they pulled 8 million Zendesk support ticket records, including 6.8 million unique email addresses, though BleepingComputer said payment card details appeared only in cases where customers had manually shared them in support tickets.

Original article published on March 24, 2026, follows:

Crunchyroll may be dealing with another security issue. A cybersecurity-focused account called International Cyber Digest on X is saying that a hacker got into the anime streaming service by going through one of its outsourcing partners. They claim the attacker grabbed data straight from the ticketing system.

The account posted that the stolen material added up to around 100 gigabytes of customer analytics information. Samples they looked at supposedly included IP addresses, email addresses, credit card numbers, and other personal details. They even shared a couple of screenshots for reference. You can check them out below:

From what they describe, the whole thing started when an employee at the outsourcing company Telus ran some malware on their system. That apparently gave the hacker a way straight into Crunchyroll’s network. The break-in supposedly took place on March 12, and the access got cut off about 24 hours later.

These are some heavy claims, even though nothing has been officially confirmed yet. If they hold up, it would point to real risks in both the support systems and the analytics side of things. That is not a great situation for any subscription service that handles payments and user accounts every day.

There is some extra context that adds weight to the story. Just this month, Telus Digital, the outsourcing and business process arm of Telus, admitted it had its own security incident. Threat actors said they had taken nearly a petabyte of data during a breach that stretched over several months.

BleepingComputer reported that Telus is still digging into exactly what was stolen and which customers might have been hit. The attackers listed 28 companies they claimed were involved, but the outlet chose not to name any of them because it could not verify the details on its own.

That said, Telus does handle customer support operations for a lot of big clients, but it does not automatically prove that Crunchyroll was one of the companies affected.

For now, the entire Crunchyroll link rests on what International Cyber Digest shared from the hacker. The account also noted that Crunchyroll had not made any public statement about the incident as of Sunday. We’ll keep an eye out for any official statement from the company and update the article accordingly.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.