HR tech faces legal and trust pressure

Human resources software and workplace investigations are landing in court at the same time this month, with lawsuits and a federal settlement putting hiring, compliance, and retaliation practices under fresh scrutiny. (hrdive.com) (justice.gov) (hcamag.com) In California federal court, plaintiffs filed at least four class actions this month over a March 31 security incident at Mercor, an artificial intelligence recruiting startup. Human Resource Executive and Human Resource Dive reported the cases were filed after Mercor said the breach was tied to a supply-chain attack involving the open-source LiteLLM project. (hrdive.com) (techcrunch.com) The Justice Department said on April 10 that International Business Machines Corporation agreed to pay $17,077,043 to resolve allegations that its hiring and promotion practices under diversity, equity, and inclusion programs violated anti-discrimination rules in federal contracts. IBM said the settlement was not an admission of liability or wrongdoing. (justice.gov) (techcrunch.com) In Tennessee, three Vanderbilt University library employees sued on April 10 in federal court, alleging they were terminated after reporting sexual harassment by a supervisor and participating in an internal investigation that led to his firing. The case is Berry et al. v. Vanderbilt University, No. 3:26-cv-00443, in the Middle District of Tennessee. (hcamag.com) These disputes come from different corners of the people stack, but each turns on the same employer promise: collect worker data lawfully, make employment decisions lawfully, and protect employees who use internal reporting channels. The legal exposure now reaches privacy law, federal contracting rules, and anti-retaliation claims at once. (hrdive.com) (justice.gov) (hcamag.com) The Mercor cases show how a recruiting platform can become a direct legal target when candidate records are exposed. The complaints seek damages and other relief over an incident that Mercor linked to compromised third-party software rather than a break-in to its own code alone. (hrdive.com) (techcrunch.com) The IBM matter shows a separate pressure point: the government is using the False Claims Act, a Civil War-era anti-fraud law, against contractors that certify compliance while allegedly violating civil-rights rules. The Justice Department called the IBM deal the first settlement under its Civil Rights Fraud Initiative, which it launched in May 2025. (justice.gov) (foleyhoag.com) The Vanderbilt suit puts the focus on what happens after an internal investigation ends. According to the complaint described by Human Capital magazine, the employees say they reported a hostile work environment, the university substantiated misconduct by their supervisor, and they later lost their own jobs. (hcamag.com) IBM publicly disputed the government’s allegations while agreeing to settle, and the Justice Department framed the case as an enforcement action over federal-contract compliance. Vanderbilt had not commented in the Human Capital report, and Mercor’s breach response has centered on containment and the LiteLLM compromise. (techcrunch.com) (justice.gov) (techcrunch.com) (hcamag.com) What ties the week together is not one doctrine or one company. It is that the systems used to hire, promote, investigate, and retain workers are now being tested in court, line by line, by plaintiffs, regulators, and judges. (hrdive.com) (justice.gov) (hcamag.com)