Mercor, an artificial intelligence-powered recruitment and contractor management platform valued at approximately ten billion dollars, disclosed that it experienced a cyberattack that exposed sensitive personal data belonging to tens of thousands of workers. The breach, reported in late March 2026, was tied to a supply chain compromise affecting LiteLLM, an open-source library widely used by AI companies to manage interactions with large language model APIs.
The attack, attributed to a threat actor known as TeamPCP, resulted in the theft of approximately four terabytes of data from Mercor's systems. The compromised information reportedly included passport scans, Social Security numbers, and other personally identifiable information from the roughly 40,000 contractors who had registered on the Mercor platform.
Mercor facilitates connections between companies and freelance workers, specializing in AI-focused projects. The platform's customer roster reportedly includes large technology companies. Following disclosure of the breach, Meta announced it was pausing its work with Mercor while the company conducted an investigation and implemented remediation measures.
The LiteLLM supply chain vector is notable because the library is used as a proxy layer in many enterprise AI stacks to route requests between different language model providers. A compromise at the library level can affect multiple downstream applications simultaneously, creating systemic risk across AI-dependent platforms that share common infrastructure dependencies.
Source: TechCrunch -- https://techcrunch.com/2026/03/31/mercor-says-it-was-hit-by-cyberattack-tied-to-compromise-of-open-source-litellm-project/