After data breach, $10B-valued startup Mercor is having a month
Source: TechCrunch
Background
Six months ago, Mercor was flying high after raising a massive $350 million Series C that valued the AI data‑training startup at $10 billion. On March 31, the company admitted it was the target of a data breach.
Breach Details
A hacker group claimed to have obtained 4 TB of stolen data from Mercor’s systems, including candidate profiles, personally identifiable information, employer data, source code, and API keys. Mercor has not commented on the authenticity of the data, stating only that it is investigating and will continue to communicate with customers and contractors as appropriate.
The breach was linked to a hack of the open‑source tool LiteLLM. The tool, downloaded millions of times a day, harbored credential‑harvesting malware for about 40 minutes. The stolen credentials were then used to access additional software and accounts, creating a cascade of further credential theft.
Impact on Partnerships
- Meta has paused its contracts with Mercor indefinitely, according to sources reported by Wired.
- OpenAI confirmed to Wired that it is investigating its exposure in Mercor’s breach but has not paused or ended its contracts.
- Other large model makers are reportedly reassessing their relationships with Mercor, though details remain unconfirmed.
Legal Actions
Five of Mercor’s contractors have filed lawsuits over alleged personal data exposure, as reported by Business Insider. One lawsuit, reviewed by TechCrunch, even named LiteLLM and the compliance startup Delve as defendants.
Related Companies
- LiteLLM used AI‑compliance startup Delve to obtain security certifications. Delve has faced accusations of falsifying data for certifications and was subsequently severed from Y Combinator.
- LiteLLM later cut ties with Delve and is now working with another AI‑compliance startup to obtain certifications again. The company published a complete report on the security incident: LiteLLM Security Update – March 2026.
- Mercor itself was not a Delve customer, according to the company.
Financial Outlook
If the fallout continues, a significant amount of revenue could be at stake. An anonymous source told The Information that Mercor was on pace to exceed $1 billion in annualized revenue earlier this year before the data leak.