Mercor hit by data breach

Mercor, a startup valued at about $10 billion, is facing fallout from a data breach that has raised questions about risks in fast-growing AI hiring platforms. Coverage notes reputational and operational impact as the company addresses the incident. (x.com)

Mercor was one of Silicon Valley’s hottest artificial intelligence startups in October 2025, when it raised $350 million at a $10 billion valuation to match experts with artificial intelligence labs that need people to train models. On March 31, 2026, Mercor said it had been hit in a cyberattack, and by April 9 the fallout had spread to lawsuits and customer pauses. (techcrunch.com 1) (techcrunch.com 2)

The break-in was not a simple password leak. Mercor said the incident was tied to a supply-chain attack on LiteLLM, an open-source tool that many developers use as a connector between their software and multiple artificial intelligence services. (techcrunch.com) (techrepublic.com)

A supply-chain attack works like poisoning a shared ingredient instead of breaking into every kitchen one by one. If a company installs the compromised ingredient, the attacker can ride that trusted software into the company’s own systems. (techrepublic.com) (cybernews.com)

Mercor’s business made the breach unusually sensitive because the company sits between big artificial intelligence labs and a huge pool of contractors. Mercor says on its own site that it powers frontier research, reinforcement learning from human feedback data, and artificial intelligence agent training for leading labs and enterprises. (mercor.com) (techcrunch.com)

That means Mercor does not just hold resumes and email addresses. Reports on the incident say the stolen material may include candidate profiles, identity documents, recorded interviews, internal chat logs, source code, and conversations between Mercor systems and contractors. (prnewswire.com) (cybernews.com)

The group claiming responsibility is Lapsus$, an extortion crew that said it took about 4 terabytes of data. Four terabytes is large enough to hold millions of documents, which is why even the claim alone was enough to rattle customers before every file was independently verified. (aol.com) (cybernews.com)

The first visible damage was commercial, not technical. TechRepublic reported on April 7 that Meta had paused work with Mercor, turning a security problem into a revenue problem for a company that The Information said had recently crossed $1 billion in annualized gross revenue. (techrepublic.com) (theinformation.com)

The second wave was legal. TechCrunch reported that Mercor was hit with multiple contractor lawsuits within a week, and one class action filing in federal court said more than 40,000 people may have been affected. (techcrunch.com) (claimdepot.com)

That pileup shows the weak spot in the new artificial intelligence labor market. Companies like Mercor move fast by collecting interviews, credentials, payment details, work histories, and customer workflows in one place, which makes the platform useful to buyers and workers but also turns it into a single rich target for attackers. (mercor.com) (techcrunch.com)

Mercor can recover if customers stay, contractors keep signing up, and the company proves the breach was contained. But a hiring marketplace sells trust before it sells software, and once a platform handling identity files and interview videos loses that trust, every contract renewal becomes a security review. (techcrunch.com) (techrepublic.com)
