Mercor, an AI recruiting startup, recently acknowledged a security breach following a supply chain attack involving the open-source project LiteLLM. The company disclosed to TechCrunch that it was one of many firms impacted by the compromise of LiteLLM, which has been linked to the hacking group TeamPCP. The incident unfolded as an extortion hacking crew known as Lapsus$ claimed responsibility for infiltrating Mercor’s systems and exfiltrating data.
Details on how Lapsus$ acquired the stolen information from Mercor through TeamPCP’s cyberattack remain unclear. Mercor collaborates with organizations like OpenAI and Anthropic to train AI models using domain experts from various sectors, facilitating over $2 million in daily payouts. The firm reached a valuation of $10 billion after a $350 million Series C funding round in October 2025, led by Felicis Ventures.
Heidi Hagberg, a spokesperson for Mercor, stated that the company promptly responded to contain and address the security breach. Hagberg said, “We are conducting a thorough investigation with the support of leading third-party forensics experts. We will keep our customers and contractors informed directly and allocate necessary resources to resolve the issue swiftly.”
Earlier, Lapsus$ had claimed responsibility for the alleged data breach on its leak site and shared a sample of purportedly stolen data from Mercor, including references to Slack data, ticketing information, and videos depicting interactions between Mercor’s AI systems and contractors.
Source: TechCrunch