◇ Industry News & Leadership Apr 01, 2026

Mercor AI Confirms Data Breach Following Lapsus$ Claims of 4TB Data Theft

Cybersecurity News · Archived Apr 01, 2026

Mercor AI has officially confirmed a severe data breach following claims by the notorious Lapsus$ hacking group that they stole 4 terabytes of sensitive company data. The incident, stemming from a recent supply chain attack on the open-source LiteLLM project, has exposed proprietary source code, internal databases, and massive amounts of user-verification data.

The hacking collective Lapsus$ has listed Mercor’s platform data for a live auction on the dark web, prompting interested buyers to “make an offer”. The threat actors claim to have exfiltrated the entirety of the 4-terabyte dataset by breaching the company’s Tailscale VPN. The extensively detailed stolen cache reportedly includes 939GB of platform source code, a 211GB user database, and 3TB of storage buckets containing video interviews and identity verification passports.

Mercor AI Official Response

In response to the extortion attempts, Mercor AI released a public statement emphasizing that the privacy and security of their customers and contractors remain their foundational priority. The company clarified that the breach was the direct result of a widespread supply chain attack involving the open-source routing library LiteLLM. Mercor’s security team promptly contained the incident and is currently conducting a comprehensive investigation alongside leading third-party forensics experts.

“The privacy and security of our customers and contractors is foundational to everything we do at Mercor. We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM. Our security team moved promptly to contain and…” — Mercor (@mercor_ai) March 31, 2026

The root cause of Mercor’s breach traces back to late March 2026, when a threat actor known as TeamPCP compromised the PyPI publishing credentials for the LiteLLM library. TeamPCP injected a three-stage malicious backdoor into versions 1.82.7 and 1.82.8, which was designed to harvest credentials and establish persistent system access. Because LiteLLM is widely integrated into AI applications, the malware executed immediately upon installation and impacted thousands of unsuspecting organizations.

Founded in 2023, Mercor operates a highly successful AI recruitment platform that claims over $500 million in revenue and connects specialized domain experts with major AI firms like OpenAI and Anthropic. The startup facilitates over $2 million in daily payouts and now faces significant operational risks due to the exposure of its contractors’ personal information. The leak of internal AI source code and sensitive KYC materials poses severe security implications for both the $10 billion platform and its extensive user base.

Lapsus$ is a well-known cybercrime syndicate with a history of targeting high-profile technology companies using aggressive extortion tactics. The group frequently uses public data leaks and dark web auctions to pressure victims into paying ransoms after initial private negotiations fail. Their involvement in the Mercor AI breach highlights a continuing trend of threat actors exploiting upstream supply chain vulnerabilities to access massive downstream corporate datasets.
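
The article names LiteLLM 1.82.7 and 1.82.8 as the backdoored PyPI releases. As an added example (not from the article or the LiteLLM project), the script below flags requirements lines and the installed package that match those two versions; the status labels, function names and sample file are constructed for illustration.

```python
import re
from importlib import metadata

# Release numbers named in the article; no other versions are assumed affected.
PACKAGE, AFFECTED = "litellm", {"1.82.7", "1.82.8"}
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,]+)")

def normalize(name):
    """PEP 503 normalization, so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """Classify one requirements line; None if it does not name the package."""
    line = re.sub(r"(^|\s)#.*$", "", line).strip()       # drop comments
    if not line or line.startswith("-"):                  # blank line or pip option
        return None
    spec = line.split(";", 1)[0].split(" --", 1)[0]       # drop markers and --hash
    m = _NAME.match(spec)
    if not m or normalize(m.group(1)) != PACKAGE:
        return None
    pins = [v for op, v in _SPEC.findall(m.group(2)) if op in ("==", "===")]
    exact = [v for v in pins if "*" not in v]
    if any(v in AFFECTED for v in exact):
        return "COMPROMISED"
    # "ok" only means "pinned to a version the article does not name".
    # REVIEW: range, wildcard or no pin, so a resolver may have picked a bad release.
    return "ok" if exact else "REVIEW"

def scan(text):
    """Return [(line_number, status, line)] for every line naming the package."""
    rows = [(n, classify(raw), raw.strip()) for n, raw in enumerate(text.splitlines(), 1)]
    return [r for r in rows if r[1]]

def installed_status():
    """Status of the copy installed in the current environment, or None."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return "COMPROMISED" if version in AFFECTED else "ok"

# Constructed sample input, not taken from any real project.
SAMPLE = """requests==2.32.3  # pulled in alongside litellm
LiteLLM[proxy]==1.82.7 ; python_version >= "3.9"
litellm==1.82.8 --hash=sha256:PLACEHOLDER
litellm>=1.80
litellm==1.82.6
"""

if __name__ == "__main__":
    print(scan(SAMPLE), installed_status())
```

A REVIEW result needs the resolved version from the lock file or the environment itself, since a range or wildcard says nothing about which release was actually installed.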