Meta Halts Mercor Work After Breach Exposes Sensitive AI Training Data
Meta has indefinitely paused work with data contractor Mercor after a major breach at the startup raised concerns that proprietary human-generated training datasets used by leading AI companies may have been exposed. Mercor supplies training data to firms including OpenAI and Anthropic, and the incident has prompted other AI labs to reevaluate their ties to the company. Mercor confirmed the attack internally on March 31 and said it was linked to a broader incident affecting multiple organizations.
The breach is considered especially sensitive because exposed datasets could reveal details about AI model training pipelines and other competitive information. OpenAI said it is investigating whether its proprietary training data was affected, while adding that no OpenAI user data was exposed. Reporting tied the intrusion to compromised versions of the LiteLLM AI API tool, with researchers attributing the activity to TeamPCP rather than a threat actor simply using the Lapsus$ name; the disruption also reportedly affected contractor work on Meta-related projects, including Chordus.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
Mercor faces multiple class-action lawsuits over breach
By April 14, Mercor was reported to be facing at least four class-action lawsuits tied to the LiteLLM-related breach. The filings allege exfiltration of consumers' and employees' personally identifiable information and assert claims including negligence, breach of implied contract, unjust enrichment, and violations of California's Unfair Competition Law.
Other AI labs reevaluate Mercor relationships after breach
Following disclosure of the incident, other major AI labs were reported to be reassessing their relationships with Mercor. The reviews reflected concern that exposed contractor-generated datasets could reveal sensitive details about AI model training pipelines.
Meta pauses work with Mercor during breach investigation
Meta indefinitely paused all work with Mercor while investigating the breach. The disruption affected contractor work on Meta-related projects, with some workers reportedly unable to log hours as Mercor reassessed project scope.
Researchers tie incident to compromised LiteLLM versions and TeamPCP
Reporting indicated the breach was connected to compromised versions of the LiteLLM AI API tool. Researchers attributed the activity to TeamPCP rather than to a threat actor simply using the Lapsus$ name.
OpenAI investigates possible exposure of proprietary training data
OpenAI said it was investigating whether its proprietary training data may have been exposed through the Mercor incident. The company stated that no OpenAI user data was affected.
Mercor confirms security breach internally
Mercor internally confirmed a major security breach affecting the startup and linked it to a broader incident impacting many organizations. The company began assessing the scope of potential exposure involving proprietary AI training datasets.
Lapsus$ claims theft of 4TB of Mercor data
On March 30, the group Lapsus$ reportedly claimed it had stolen 4TB of data from Mercor. The alleged haul included candidate profiles, personally identifiable information, video interviews, source code, and other proprietary company information.
Malicious LiteLLM packages uploaded to PyPI in supply-chain attack
On 2026-03-23, attackers using a stolen LiteLLM publishing token uploaded backdoored versions 1.82.7 and 1.82.8 to PyPI, where they were available for about three hours. The compromise was later linked to TeamPCP and described as stemming from a CI/CD breach that enabled direct malicious package publication.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
13 references tracked. Mallory keeps watching after this page renders.
teiss - News - Mercor faces class-action lawsuits after data breach exposes contractor information
teiss.co.uk
Open sourceExplained: The Mercor Hack (April 2026)
halborn.com
Open sourceMercor Data Breach Investigation | Hall Attorneys
hallattorneys.com
Open sourceMercor subjected to several breach-related lawsuits | brief | SC Media
scworld.com
Open sourceteiss - News - Mercor confirms security incident tied to LiteLLM supply chain attack
teiss.co.uk
Open sourceMeta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk | WIRED
wired.com
Open sourceAI startup Mercor confirms security incident linked to LiteLLM supply chain attack | brief | SC Media
scworld.com
Open sourceMercor confirms cyberattack as hackers claim 4TB of critical data in possession | Cybernews
cybernews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Meta Halts Mercor Work After LiteLLM Supply-Chain Breach Exposes Candidate Data
Meta paused work with AI hiring startup Mercor after Mercor disclosed a breach tied to the malicious `LiteLLM` packages `1.82.7` and `1.82.8`, which were published to PyPI after attackers stole the project’s publishing token through a compromised CI/CD chain involving Trivy tooling. Security reporting said the tainted packages harvested credentials and deployed a multi-stage backdoor capable of stealing API keys, cloud credentials, SSH keys, Kubernetes tokens, CI/CD secrets, database passwords, and other sensitive data, leading responders to treat affected environments as fully compromised. Mercor said the incident exposed source code and candidate information, while reports citing the attackers said as much as **4TB** of data was taken, including candidate profiles, personally identifiable information, employer data, and API keys, with one claim alleging access via `Tailscale` VPN. The fallout spread quickly across Mercor’s customers and partners: Meta reportedly froze contracts indefinitely while investigating whether AI training data or related secrets were at risk, OpenAI reviewed its own exposure while keeping contracts in place, and the breach triggered lawsuits and broader scrutiny of software supply-chain risk across the AI ecosystem.
May 25, 2026
Meta Suspends Internal AI Training Program After Employee Data Exposure
Meta halted its internal **Model Capability Initiative (MCI)** after a permissions misconfiguration exposed sensitive employee-monitoring data to the company’s broader workforce. The program, launched in April for U.S.-based employees, collected detailed telemetry including mouse movements, clicks, keystrokes, and occasional screenshots to train internal AI and machine-learning systems. Reuters-reported documents indicated the exposed data included private conversations, AI prompts and request transcripts, and other records gathered from internal systems. Internal concerns had reportedly been raised earlier about both the intrusiveness of the monitoring and data-storage weaknesses, with a later security alert finding confidential information accessible in cleartext to Meta employees. The exposed material reportedly included named HR performance data and documents classified under DSS sensitivity levels 1 through 4. Meta said it has found no evidence of improper employee access or malicious exploitation, but it suspended the program while investigating and has not said when, or in what form, it may resume.
Jun 25, 2026
Mercor Breach Traced to Malicious LiteLLM Packages in Supply-Chain Attack
AI recruiting firm **Mercor** confirmed a security incident after attackers leveraged the **LiteLLM** supply-chain compromise to gain access to its environment. Reports said unauthorized publishes to the project's **PyPI** packages introduced credential-stealing malware designed to harvest API keys, cloud secrets, and tokens from organizations using the open-source LLM gateway. Mercor said it was among thousands of organizations affected, contained and remediated the issue, and brought in external forensic experts as the investigation continued; LiteLLM separately said it was investigating the malicious package activity and released a clean version of the software. Security reporting identified Mercor as the first publicly confirmed downstream victim of the campaign, with stolen credentials allegedly used for lateral movement inside internal infrastructure and the exfiltration of roughly **4 TB** of data. The reportedly stolen data included source code, internal databases, and cloud-stored operational material such as videos and verification workflows. Researchers linked the incident to a broader wave of poisoned developer-tool compromises, including **Trivy** and **KICS**, and warned that related attacks may have impacted more than **1,000 SaaS environments** and potentially hundreds of thousands of machines; separate claims by **Lapsus$** and reporting tying the operation to **TeamPCP** remained unresolved in the cited coverage.
Apr 3, 2026