Mercor contractor breach

Mercor, a fast-growing contractor platform for artificial intelligence training work, is facing five lawsuits after a March 31 breach disclosure tied to compromised LiteLLM software. (techcrunch.com) (aol.com) The suits were filed in federal courts in California and Texas during the week of April 1 through April 7, and they accuse Mercor of violating privacy and consumer-protection laws after exposing contractors’ Social Security numbers, addresses, and interview recordings. (aol.com) (prnewswire.com) Mercor said on March 31 that it was “one of thousands of companies” affected by a supply-chain attack involving LiteLLM, an open-source tool used in artificial intelligence software stacks. Hackers linked to TeamPCP compromised malicious LiteLLM releases, and extortion group Lapsus$ later claimed it had Mercor data. (techcrunch.com) (theregister.com) A supply-chain attack means the malicious code arrived through a trusted outside package rather than Mercor’s own code. In this case, the tainted LiteLLM versions were designed to steal credentials such as application programming interface keys, cloud secrets, and environment files from downstream users. (techcrunch.com) (cybersecuritynews.com) That matters because Mercor sits between major artificial intelligence labs and a large pool of contractors who generate training data. Mercor says it connects top artificial intelligence professionals with labs and enterprises, and Forbes reported the company had recruited 50,000 experts for work with customers including OpenAI, Anthropic, Meta, Google, Microsoft, Amazon, and Nvidia. (mercor.com) (forbes.com) (techcrunch.com) The breach landed as Mercor was still being held up as one of the fastest-growing companies in the artificial intelligence boom. TechCrunch reported in September 2025 that Mercor was nearing a $450 million annualized revenue run rate, and Forbes reported on April 15 that the figure had crossed $1 billion earlier in 2026. (techcrunch.com) (forbes.com) Mercor was founded in January 2023 by Brendan Foody, Adarsh Hiremath, and Surya Midha, and the company announced a $350 million Series C round at a $10 billion valuation in October 2025. Forbes said that financing made the three founders, then 22, the world’s youngest self-made billionaires. (mercor.com) (cnbc.com) (forbes.com) The new scrutiny is not limited to the hack. Forbes reported on April 15 that Mercor had also dealt with employee fraud on an Anthropic account, including alleged bonus payments worth hundreds of thousands of dollars to a manager’s relatives; Mercor told Forbes it recovered the money and said customers did not bear the loss. (forbes.com) Forbes also reported that former employees described security blunders and suspected North Korean infiltration attempts inside Mercor’s fast-scaling contractor operation. Separate reporting this year has described North Korean remote-information-technology worker schemes as a growing risk for Western companies that hire distributed technical labor under false identities. (forbes.com) (helpnetsecurity.com) Mercor has said the privacy and security of customers and contractors is “foundational” to its business and that it brought in third-party forensic investigators after the LiteLLM incident. The next test is no longer just growth; it is whether Mercor can keep clients, satisfy regulators and courts, and convince contractors their data is safe on the platform. (therecord.media) (theregister.com)