Candidate records and Social Security numbers
Public reporting cited in the complaint indicates roughly 211 GB of candidate records — including resumes, verified contact information, and Social Security numbers — was among the data exfiltrated.
Case Filed · N.D. Cal. No. 3:26-cv-03362
Mercor Data Breach Class Action
On April 21, 2026, Hausfeld LLP and Hall Attorneys, P.C. filed a putative class action in the Northern District of California alleging that Mercor's AI-driven labor platform centralized recorded AI interviews, facial biometrics, background-check dossiers, tax and banking data, and personal-device screenshots captured through Insightful monitoring, and that a LiteLLM supply-chain compromise exfiltrated roughly four terabytes of that data.
Why the Mercor data breach matters
The complaint alleges that Mercor was not merely a job board: it operated an AI-driven labor platform that collected the functional equivalent of full HR files on applicants and workers — resumes, recorded AI interviews, facial biometric data, third-party background-check dossiers, W-9 and banking information, client-facing work-trial outputs, and, for many workers, personal-device screenshots captured through Insightful monitoring. The complaint further alleges that Mercor routed this data through opaque AI scoring, direct client review, and retained-and-reused interview analytics, creating de facto HR files that applicants and workers could not review, correct, or dispute. Mercor's published Privacy & Cookies and AI & Data Usage materials acknowledge collection of many of these data categories. The breach is alleged to have been enabled by a LiteLLM supply-chain compromise that resulted in the exfiltration of roughly four terabytes of that data, including high-definition interview video and facial biometrics used for identity matching.
AI interview video and facial biometrics
The complaint alleges that approximately 3 TB of high-definition interview recordings, passport and driver's license scans, and facial biometric data used for identity matching was exfiltrated — by far the bulk of the stolen data.
Background checks, tax, and payment data
Plaintiffs allege Mercor required third-party background checks through vendors such as Certn or Zinc, and collected W-9 tax information, Stripe-connected banking details, and payment records during onboarding.
Insightful monitoring and personal-device screenshots
The complaint alleges Mercor required at least some workers to install Insightful on their personal computers, capturing screenshots as frequently as every 30 to 60 seconds across at least 240 applications and websites, including personal banking, health portals, telehealth, and personal email.
What to do if you think your Mercor information was exposed
Immediate documentation matters. Even when a company is still investigating, preserving records early can make later fraud, identity-theft, or legal review much easier.
Step 1
Preserve every email and screenshot
Save any Mercor security message, unexpected login email, password reset, or support communication with full headers and timestamps intact.
Step 2
Change credentials and review accounts
Reset your Mercor password, update any reused passwords, and monitor email, payroll, tax, and banking accounts that may be connected to your Mercor profile.
Step 3
Request records in writing
Ask Mercor to confirm what information it maintained about you, whether your account was implicated, and what remediation or monitoring it is offering.
Step 4
Document time lost and out-of-pocket costs
Keep a running log of time spent on remediation, fraud monitoring, account lockouts, and any costs tied to suspicious activity or identity protection.
How Hall Attorneys can help
We can assess the facts you have, help you preserve the right records, and evaluate whether the incident created meaningful legal exposure. If you have already seen suspicious logins, phishing attempts, tax issues, or payment-related problems, a documented timeline is especially important.
Mercor's Legal Support page says users can request account deletion through settings and that some information may be retained for legal or tax reasons. If you need to act quickly, preserving copies of your dashboard, emails, and any notices before making changes is usually the better first move.
Frequently asked questions
Who filed the Mercor class action and in what court?
Hausfeld LLP and Hall Attorneys, P.C. filed the complaint on April 21, 2026 in the U.S. District Court for the Northern District of California, San Francisco Division. The case is captioned Ananthula, et al. v. Mercor.io Corporation, et al., No. 3:26-cv-03362. Defendants include Mercor.io Corporation, Delve AI, Inc., Berrie AI Incorporated d/b/a LiteLLM, and ten Doe AI Lab Defendants.
What data was exfiltrated in the March 2026 Mercor breach?
The complaint alleges that a group calling itself 'TeamPCP' exfiltrated roughly four terabytes of data on or about March 24, 2026 via a LiteLLM supply-chain compromise. Public reporting cited in the complaint identifies approximately 211 GB of candidate records (resumes, verified contact information, and Social Security numbers), 3 TB of video and identity-verification data (HD interview recordings, passport and driver's license scans, and facial biometric data used for identity matching), and 939 GB of source code, internal dashboards, and hardcoded API keys.
What claims does the complaint assert?
Ten counts: negligence, breach of implied contract, intrusion upon seclusion, violation of the FCRA (15 U.S.C. § 1681b(b)), Illinois BIPA (740 ILCS 14/15(a), (b), (d)), Illinois Artificial Intelligence Video Interview Act (820 ILCS 42/5, 10, 15, 20), Illinois Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505/2), Florida Deceptive and Unfair Trade Practices Act (Fla. Stat. §§ 501.201 et seq.), unjust enrichment, and declaratory and injunctive relief.
Who may be in the proposed classes?
The complaint seeks certification of a nationwide class of persons whose data was collected, stored, used, or exfiltrated in connection with the March 2026 Mercor incident, plus applicant, worker, Illinois biometric, Illinois video interview, FCRA, and Florida consumer subclasses.
What should I do if I received a Mercor breach notice on or after March 31, 2026?
Preserve the Mercor notice, any follow-up communications, and any emails with full headers and timestamps. Change reused passwords, enable multi-factor authentication, and monitor connected banking, payroll, tax, and health accounts. Keep a written log of any suspicious activity, phishing attempts, time spent on remediation, and any out-of-pocket costs. If you completed a Mercor AI video interview while residing in Illinois, you may have additional statutory rights under BIPA and the AI Video Interview Act.
Attorney Advertising
The information you provide in your email will be kept confidential and will be used only to evaluate your potential claim. Sending an email does not create an attorney-client relationship. Do not send highly confidential information unless we specifically request it through a secure channel.