Cyber Incident Victim: Mercor

On March 27 2026 a threat actor group known as TeamPCP published two malicious versions of the LiteLLM Python package, numbered 1.82.7 and 1.82.8, to the PyPI repository after compromising a maintainer’s credentials obtained through a prior supply chain attack on the Trivy security scanner. The tainted packages remained available for roughly forty minutes before being identified and removed. Version 1.82.7 contained base64‑encoded malware in the library’s proxy server code that executed on import, while version 1.82.8 used a malicious path configuration file that triggered on every Python process startup; both variants were designed to harvest environment variables, API keys, SSH keys, cloud credentials for AWS, Google Cloud and Azure, Kubernetes configurations, CI/CD secrets and database credentials and exfiltrate the data to a server at models.litellm[.]cloud. Mercor, which uses LiteLLM in its environment, was among the thousands of organizations that automatically downloaded the compromised packages. On March 30 Mercor issued a statement confirming it had identified that it was one of thousands of companies impacted by a supply chain attack involving LiteLLM and said its security team had moved promptly to contain and remediate the incident. The company added that it was conducting a thorough investigation supported by leading third‑party forensics experts. Mercor later admitted on March 31 that it had been the target of a data breach, noting that a hacker group had claimed to have obtained four terabytes of data from its systems.

According to court filings and claims made by the hacking groups involved, the stolen cache includes approximately 939 gigabytes of platform source code, a 211‑gigabyte user database and roughly three terabytes of video interview recordings and identity verification documents, with the exposed information potentially containing the full names and Social Security numbers of more than 40,000 current and former Mercor contractors and customers. The breach also raised concerns that data selection criteria, labeling protocols and training strategies used by Mercor’s AI‑lab clients may have been exposed, a risk highlighted by Meta’s decision to suspend its collaboration with Mercor indefinitely. OpenAI said it was investigating its exposure but had not paused or ended its contracts, while Anthropic had not publicly commented on its exposure and Google was assessing the breach’s scope. The extortion group Lapsus$ listed Mercor on its leak site on Monday, claiming theft of over four terabytes of data and auctioning the information, which allegedly includes candidate profiles, personally identifiable information, employer data, user accounts and credentials, video interviews, proprietary information, source code, keys and secrets and TailScale VPN data. In response to the breach, at least four class‑action lawsuits were filed in the U.S. District Court for the Northern District of California on April 1, with plaintiffs alleging negligence, unjust enrichment, breach of implied contract, breach of privacy and violation of California’s Unfair Competition Law and seeking class certification, injunctive relief and reimbursement for out‑of‑pocket costs related to fraud, identity theft and unauthorized data use. Mercor stated it would continue to communicate with customers and contractors directly as appropriate and devote the resources necessary to resolving the matter as soon as possible.