AI startup Mercor faces mass litigation following data breach – report

Following an extensive data breach, the billion-dollar artificial intelligence company Mercor is facing several class-action lawsuits from workers alleging that the AI hiring startup mishandled sensitive data.

Mercor, which supplies data from human contractors to AI firms, is alleged to have collected data from its contractors in breach of legal guidelines in at least seven lawsuits, The Wall Street Journal reported last week.

One lawsuit filed in California last week claims that Mercor exposed recorded job interviews, facial biometric data, screenshots of workers’ computers, and other sensitive materials. 

Plaintiffs also allege that Mercor monitored contractors’ devices and shared background check data with partners.

Mercor denied wrongdoing in a statement, saying it “strongly disputes the speculative claims” and complies with all relevant laws and regulations.

“We take the privacy of our customers, contractors, employees, and those we interview very seriously, and we comply with all relevant laws and regulations. We are conducting a thorough investigation with leading third-party forensics experts and are communicating directly with affected stakeholder groups as we have findings,” the company said.

AI companies seek new data to train models

Companies like Mercor, which has tens of thousands of contractors, increasingly seek to train AIs on “specialist sources,” Shayne Longpre, an MIT Ph.D. candidate who researches AI, told the Journal.

“A lot of the data-acquisition strategies seem to be moving towards more specialist sources,” he said, pointing to those who are “extremely knowledgeable and have executed complex tasks in finance, healthcare, law, the sciences.”

According to Longpre, the rush to beat competitors in the constantly developing field of AI has its consequences.

“There’s an incentive right now to figure out the rules and regulations after,” he said, “and to capture as much of the market in the short term first.”

In early April, extortion-hacker group Lapsus$, which has targeted companies such as Microsoft, NVIDIA, and Samsung in the past, took credit for hacking Mercor, claiming to have stolen four terabytes of data, including almost a terabyte of the company’s source code and three terabytes of video and verification data, offering it for sale in an auction. Later, Mercor confirmed that it had been the target of a cyber-attack.

Following the announcement, Meta suspended its contracts with Mercor, and reports indicate that other AI companies have considered cutting ties with the now-extremely controversial startup.