BusinessPostCorner.com
No Result
View All Result
Friday, July 17, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

Mercor, a $10 billion AI startup, confirms it was the victim of a major cybersecurity breach

April 2, 2026
in Business
Reading Time: 3 mins read
A A
0
Mercor, a  billion AI startup, confirms it was the victim of a major cybersecurity breach
ShareShareShareShareShare

Mercor, a startup that provides training data to major AI companies, confirmed that it was the victim of a security breach that may have exposed sensitive company and user data.

The three-year old startup, which is valued at $10 billion, recruits experts in fields ranging from medicine to law to literature, to help provide data the improves the capabilities of AI modes. Its customers include Anthropic, OpenAI , and Meta.

According to unconfirmed reports circulating online, datasets used by some of Mercor’s customers and information about those customers’ secretive AI projects may have been compromised in the breach.

The incident was linked to a supply chain attack involving LiteLLM, a widely used open-source library for connecting applications to AI services.

The company confirmed to Fortune it was “one of thousands of companies” affected by the supply chain attack on LiteLLM, which has been linked to a hacking group called TeamPCP. Mercor spokesperson Heidi Hagberg said that the company had “moved promptly” to contain and remediate the incident and said a third-party forensics investigation was underway.

“The privacy and security of our customers and contractors is foundational to everything we do at Mercor,” Hagberg said. “We will continue to communicate with our customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.”

Mercor is widely-considered one of Silicon Valley’s hottest startups, having raised a $350 million in a Series C round led by venture capital firm Felicis Ventures last October. 

The TeamPCP hacking group planted malicious code inside LiteLLM, a tool used by developers to plug their applications into AI services from companies including OpenAI and Anthropic, that is typically downloaded millions of times per day, according to security firm Snyk. The code was designed to harvest credentials and spread widely across the industry before it was identified and removed within hours of discovery.

Lapsus$, a notorious extortion hacking gang, later claimed it had targeted Mercor and accessed its data. It’s not immediately clear how the gang obtained the data, and Mercor did not respond to specific questions from Fortune about the hacking group’s claims. TeamPCP is thought to have recently begun collaborating with Lapsus$ as well as other groups that specialize in ransomware and extortion, according to security researchers from the cybersecurity firm Wiz quoted in a story in Infosecurity Magazine.

TeamPCP is known for engineering so-called “supply chain attacks,” in which malware is planted inside code bases or software libraries that are widely used by programmers when writing their own code. Lapsus$, by contrast, is an older hacking group, known for social engineering and phishing attacks that focus on stealing user login credentials and then using those credentials to gain access to and steal sensitive data.

Lapsus$ has published samples of allegedly stolen data on its leak site, according to TechCrunch, including what appeared to be Slack data, internal ticketing information, and two videos purportedly showing conversations between Mercor’s AI systems and contractors on its platform. Lapsus$ claims to have obtained as much as four terabytes of data in total, including source code and database records. A single terabyte is approximately as much data as in 1,000 hours of video or 1,000 copies of the Encyclopedia Britannica.

Mercor may be an early indicator of a coming wave of extortion attempts stemming from the supply chain attack. TeamPCP has publicly stated its intention to partner with ransomware and extortion groups to target affected companies at scale, according to cybersecurity trade publication Cybernews. If true, that strategy would mirror campaigns carried out in the past by hacking groups.

In 2023, an attack from the Cl0p ransomware gang that exploited a vulnerability in MOVEit, a widely used file transfer tool, breached hundreds of organizations simultaneously, ultimately affecting nearly 100 million individuals across government agencies, financial institutions, and healthcare providers. Extortion attempts from that campaign dragged on for months.

Credit: Source link

ShareTweetSendPinShare
Previous Post

XRP Could Soon Become a State Treasury Asset

Next Post

On the move: Brown Plus president awarded Lifetime Achievement

Next Post
On the move: Brown Plus president awarded Lifetime Achievement

On the move: Brown Plus president awarded Lifetime Achievement

Is your AI really working? Why productivity isn’t the same as progress

Is your AI really working? Why productivity isn’t the same as progress

July 15, 2026
Netflix’s shares slide on disappointing growth forecasts

Netflix’s shares slide on disappointing growth forecasts

July 16, 2026
Best enterprise rank tracking software for high-traffic websites

Best enterprise rank tracking software for high-traffic websites

July 16, 2026
The ‘facade’ of the U.S.-Iran ceasefire crumbles after after largest round of fighting in months

The ‘facade’ of the U.S.-Iran ceasefire crumbles after after largest round of fighting in months

July 12, 2026
IRS rules free life insurance exchanges from tax traps

IRS rules free life insurance exchanges from tax traps

July 10, 2026
Gen Z’s AI anxiety isn’t really about AI

Gen Z’s AI anxiety isn’t really about AI

July 14, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Trump Media to sell fast feed of key posts to Wall Street

Trump Media to sell fast feed of key posts to Wall Street

July 16, 2026
FASB chair plans for new standards, semiannual reporting

FASB chair plans for new standards, semiannual reporting

July 16, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!