Crunchyroll class action overview:
- Who: Plaintiff Max Agress filed a class action lawsuit against Crunchyroll LLC.
- Why: Agress claims Crunchyroll failed to protect the personally identifiable information (PII) of 6.8 million users in a March 2026 data breach.
- Where: The Crunchyroll data breach class action lawsuit was filed in California federal court.
A new class action lawsuit accuses Crunchyroll of failing to protect the personally identifiable information of 6.8 million users in a March 2026 data breach.
Plaintiff Max Agress filed the class action complaint against Crunchyroll on March 24 in California federal court, alleging negligence and violations of state and federal consumer laws.
Crunchyroll is a streaming service that offers anime content to subscribers. According to Agress, the company’s data breach was caused by a security lapse at its outsourcing partner, Telus, based in India.
He alleges that an employee of Telus executed malware on his system, which gave a threat actor access to Crunchyroll’s environment.
The breach exposed users’ full names, usernames, email addresses, IP addresses, approximate location data and the text of user support exchanges, the Crunchyroll class action lawsuit alleges.
The breach did not expose full payment card data, but partial card details shared voluntarily in tickets, such as last four digits or expiration dates, may have been compromised, the Crunchyroll class action says.
Agress is looking to represent anyone in the United States whose PII was exposed in the Crunchyroll data breach.
Crunchyroll data breach exposed 8M support ticket records, class action claims
The breach occurred on March 12, 2026, but was not made public until March 22, 2026, the Crunchyroll class action says. During that time, the hacker allegedly maintained access to the corporate environment for 24 hours, downloading 8 million support ticket records from Crunchyroll’s Zendesk instance, containing 6.8 million unique email addresses, the lawsuit alleges.
Agress says Crunchyroll failed to implement reasonable data security measures to protect users’ PII, violating Section 5 of the Federal Trade Commission Act and California’s Consumer Records Act.
The Crunchyroll class action lawsuit alleges the company failed to adequately monitor the security of its networks and systems, audit its vendor’s data security practices and timely notify users about the breach.
As a result of the breach, Agress says users face an increased risk of identity theft, invasion of privacy and the loss of the benefit of the bargain. He is suing for negligence, breach of implied contract, unjust enrichment, violations of the California Consumer Privacy Act and the state’s Unfair Competition Law.
He is seeking certification of the Crunchyroll class action, damages, restitution, injunctive relief and a jury trial.
In a separate lawsuit, users accuse Crunchyroll of sharing their video viewing data with a third-party marketing company without their consent.
Have you been affected by the Crunchyroll data breach? Let us know in the comments.
The plaintiff is represented by L. Timothy Fisher and Joshua B. Glatt of Bursor & Fisher P.A.
The Crunchyroll data breach class action lawsuit is Agress v. Crunchyroll LLC, Case No. 3:26-cv-02553, in the U.S. District Court for the Northern District of California.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
Roundup cancer lawsuits: Updates, settlements and eligibility
April 10, 2026 | Roundup Class Action Investigations
One thought on Crunchyroll class action alleges data breach exposed PII of 6.8M users
Add me please