Mercor faces lawsuits and customer pauses after data breach

In short: Mercor, an AI data training startup valued at $10 billion, is dealing with lawsuits and customer uncertainty after it disclosed a data breach.

What happened

Mercor said on March 31 that it had been targeted in a data breach, which is when someone breaks into a company’s systems and copies or exposes information. The company previously raised $350 million and was valued at $10 billion.

A hacker group has claimed it stole 4TB of data from Mercor. That is a very large amount of information, like several thousand hours of video. The claimed data includes candidate profiles, personal details, employer data, source code (the instructions that make software run), and API keys (special passwords that let software talk to other software).

Mercor has not confirmed whether the leaked files are real. It said it is investigating and will communicate with customers and contractors directly.

Mercor linked the breach to a compromise of LiteLLM, a widely used open source tool. TechCrunch reported that LiteLLM briefly contained credential-harvesting malware, which is harmful software that steals logins, like a hidden camera watching you type passwords.

Since the breach, Meta has paused its contracts with Mercor indefinitely, according to Wired sources. OpenAI told Wired it was investigating its exposure but had not paused or ended contracts at the time. Business Insider also reported that five Mercor contractors have filed lawsuits over alleged exposure of their personal data.

Why it matters

Companies like Mercor handle sensitive data and sometimes the “secret recipe” behind how big AI systems are trained. If partners pause work or lawsuits grow, it can affect not just Mercor but also the wider supply chain that many AI products depend on.

Source: TechCrunch AI