Mercor Faces Five Lawsuits After Data Breach
Mercor, a $10 billion AI training-data firm, is facing five contractor lawsuits within a week after a supply-chain–linked security breach. The incident traces to malicious code inserted into the open-source LiteLLM library; attackers linked to TeamPCP (and later claimed by Lapsus$) harvested credentials and may have exposed contractor and customer datasets. Mercor says it was “one of thousands” affected, has contained the incident, engaged third-party forensics, and is communicating with stakeholders. Lawsuits allege violations of data privacy and consumer-protection laws and signal immediate legal and contractual fallout for a firm that supplies training data to major AI labs including Anthropic and OpenAI.
Scoring Rationale
A supply-chain attack affecting a major training-data provider poses significant technical and legal risks to practitioners and customers across the AI stack. The story materially affects vendor risk, dependency management, and data governance, though it is not yet an industry-defining platform shift.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
Sources
- Read Original?Mercor hit with 5 contractor lawsuits in a week over data breach