Craig T Fruchtman/Getty Images
- Contractors said in at least five lawsuits that AI training startup Mercor exposed their data to hackers.
- Mercor said last week it was “impacted” by compromised LiteLLM software.
- One of the suits seeks to hold LiteLLM, security audit firm Delve, and others liable.
Contractors filed five lawsuits against Mercor, the AI training firm valued at $10 billion, in the past week, accusing the company of violating data privacy and consumer protection laws.
The suits, filed in federal courts in California and Texas, allege Mercor’s negligence could have resulted in the disclosure of Social Security numbers, addresses, and other information, including recordings of interviews, to bad actors.
The lawsuits seek unspecified monetary damages.
Mercor said last week that it was impacted by a breach of the open-source project LiteLLM, which was created by Berrie AI, without describing the stolen data.
Techcrunch reported that sample materials posted by the hackers included Slack data and videos of conversations between Mercor contractors and an AI system.
It’s somewhat common for companies to be sued in the wake of a data breach. The biggest cases have settled for between $1 and $5 per class member, according to a survey of data-breach settlements from 2018 to 2021 by Cornerstone Research.
Victims with documented financial losses are sometimes paid more. Some settlements include non-monetary relief, like free credit monitoring.
A lawsuit filed by NaTivia Esson and her lawyers at Strauss Borrelli says she worked for Mercor from March 2025 to March 2026 and filled out a W-9 form with her personal identifying information each time she got work. She “trusted the company would use reasonable measures to protect it,” her complaint read.
“Because of the data breach, plaintiff anticipates spending considerable amounts of time and money to try and mitigate her injuries.”
Mercor declined to comment.
Mercor has used gig workers to train AI for clients including Meta, Facebook’s parent company. Meta paused its work with Mercor after the data breach, Business Insider previously reported.
One suit against Mercor also names Berrie AI and Delve Technologies, an “automated compliance” firm that had previously certified Berrie’s compliance with certain industry standards, as defendants. The complaint in that case said a “whistleblower” exposed misconduct at Delve.
Last month, Delve denied claims in an anonymously authored Substack post that accused it of facilitating “fake compliance” and arranging sham security audits.
Other legal challenges for Mercor might be on the horizon. An apparent lead-generation website, MercorClaims.com, went live on or around April 1, although it does not appear to be sending users to any particular law firm.
Berrie AI and Delve didn’t immediately respond to requests for comment.
Â
