Shortly after a second class action lawsuit alleging a repeated violation of the Video Privacy Protection Act, Crunchyroll now faces yet another lawsuit over an alleged data breach which a hacker claims to have occurred on March 12.
According to Cyber Security News, this data breach allegedly occurred after a hacker gained access after a worker executed malware on their workstation, giving the hacker access to 100GB of personally identifiable information from Crunchyroll.
Anime Corner reports that this new lawsuit comes from a plaintiff in Washington State who alleges that Crunchyroll failed to safeguard the information. The plaintiff also alleges psychological harm from stress and anxiety over fears that the information could be used to commit fraud.
After reports broke of the alleged data breach, Crunchyroll posted a response.
“Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor. We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely.”
Service ticket data refers to customer support queries, but the statement did use the word “primarily” rather than “exclusively.” The extent of the alleged data breach is still not known, but Telus, the company which allegedly suffered the breach, is not the same company which Crunchyroll is accused of sharing user viewing history with in a previous lawsuit.
Telus announced plans to inform affected customers.
The Southern Nerd 