AI recruiting startup Mercor has confirmed a security breach amid claims by hacking group Lapsus$ that it stole 4 terabytes of sensitive data in a large-scale supply chain attack.

Mercor, an AI recruiting platform valued at around $10 billion, has acknowledged a data breach following claims made by the hacking group Lapsus$. The company stated that it is investigating the incident with the help of third-party cybersecurity experts and has taken steps to contain the breach.
Lapsus$ has alleged that it accessed approximately 4 terabytes of data from Mercor, including source code, user databases, video interviews, and identity verification documents. The group reportedly attempted to auction the stolen data on the dark web.
Mercor has not confirmed the full extent of the alleged data theft, including whether sensitive contractor identity documents were compromised.
Supply chain attack linked to LiteLLM
The breach is believed to be connected to a broader supply chain attack involving a compromised version of the open-source library LiteLLM. Malicious versions of the software were briefly made available through the PyPI repository after a maintainer’s credentials were compromised.
These compromised versions reportedly included embedded backdoors capable of harvesting credentials and enabling persistent access. Because LiteLLM is widely used in AI infrastructure, systems configured to automatically update packages may have inadvertently installed the malicious code.
The incident is described as part of a supply chain attack affecting multiple organisations globally. Security researchers estimate that thousands of systems may have downloaded the compromised package during the short window it was available.
Reports indicate that the attack may have impacted a wide range of companies beyond Mercor, with ongoing investigations suggesting a broader pattern of compromise across SaaS and AI environments.
Data reportedly involved
According to claims made by Lapsus$, the stolen dataset includes large volumes of sensitive material such as:
- Platform source code
- User databases
- Video interview recordings
- Identity verification documents
The alleged inclusion of identity verification data raises concerns for contractors who use the platform, as Mercor requires users to submit personal identification for onboarding.
Company response
Mercor has stated that it is working to assess the incident and mitigate its impact. The company has indicated that operations remain largely unaffected while investigations continue. It has not publicly confirmed the authenticity of the hackers’ claims regarding the volume or nature of the data accessed.
The incident highlights risks associated with supply chain attacks, where widely used software components are compromised to infiltrate multiple organisations at once. Given the reliance of AI companies on shared libraries and tools, such attacks can have cascading effects across the industry.
The investigation is ongoing, and the full scope of the breach, including the number of affected users and organisations, has not yet been confirmed.
Published: 03 Apr 2026, 12:59 pm IST

