Mercor hit with 5 contractor lawsuits in a week over data breach

In a dramatic turn of events, Mercor, the AI training firm valued at $10 billion, is facing five separate lawsuits from contractors over alleged violations of data privacy and consumer protection laws. These legal actions were initiated in federal courts located in California and Texas, with plaintiffs claiming that Mercor's negligence may have led to the exposure of sensitive information such as Social Security numbers, personal addresses, and recordings from interviews. The lawsuits seek unspecified monetary damages, bringing to light the serious implications of the data breach. Mercor recently acknowledged that it was affected by a breach involving the open-source project LiteLLM, developed by Berrie AI, although details regarding the compromised data remain unclear. Reports indicate that hackers shared sample materials, including Slack messages and recordings of conversations between Mercor’s contractors and an AI system. Data breaches often result in legal actions against companies, with previous settlements typically ranging from $1 to $5 per affected individual, according to a study by Cornerstone Research that examined data-breach settlements from 2018 to 2021. Those who can demonstrate financial losses may receive higher compensation, and some settlements offer additional benefits, such as free credit monitoring. One of the lawsuits, brought forth by NaTivia Esson and her legal team at Strauss Borrelli, outlines her experience with Mercor from March 2025 to March 2026, during which she submitted her personal information via a W-9 form for work. Esson expressed her trust in the company’s commitment to safeguarding her data, stating in her complaint that the breach has forced her to anticipate significant time and financial investment to mitigate the repercussions of this incident. Mercor has not provided any comments regarding the lawsuits. The company has been employing gig workers to assist in AI training for various clients, including Meta, the parent company of Facebook. Following the data breach, Meta reportedly halted its collaboration with Mercor, as noted by Business Insider. Among the lawsuits, one also names Berrie AI and Delve Technologies, which is an automated compliance firm previously recognized for certifying Berrie's adherence to industry standards. This particular complaint references a whistleblower's allegations of misconduct at Delve, which the company denied last month in an anonymous Substack post accusing it of enabling 'fake compliance' and conducting phony security audits. As the situation unfolds, additional legal challenges may be looming for Mercor. A website, MercorClaims.com, appeared around April 1, although it currently does not seem to direct individuals to any specific law firm for legal assistance. Berrie AI and Delve Technologies have yet to respond to inquiries regarding their involvement in these lawsuits.