AI Recruiting Giant Mercor Hit by Massive Data Breach, Lapsus$ Claims 4TB of Stolen Data
Summary
AI recruiting giant Mercor, valued at $10 billion and serving OpenAI, Anthropic, and Meta, confirms a major data breach after hacking group TeamPCP planted malicious code in the open-source AI library LiteLLM. Notorious extortion group Lapsus$ now claims to hold 4TB of stolen data, including source code, database records, and internal communications.
Key Points
- Mercor, a $10 billion AI recruiting startup serving clients like OpenAI, Anthropic, and Meta, confirms it has suffered a major data breach potentially exposing sensitive company and user data.
- The breach stems from a supply-chain attack on LiteLLM, a widely used open-source AI library, carried out by hacking group TeamPCP, which planted malicious credential-harvesting code affecting thousands of companies.
- Notorious extortion group Lapsus$ claims to have obtained up to four terabytes of Mercor's data, including source code, database records, and internal communications, and has published alleged samples on its leak site.