3 months ago
OpenAI
Meta
LLM

Mercor hits rough patch after data breach

Six months ago, AI data training startup Mercor celebrated a massive milestone, raising $350 million in Series C funding at a valuation of $10 billion. However, the company's momentum has stalled following a significant data breach admitted on March 31. A hacker group claims to have exfiltrated 4 terabytes of sensitive information, including candidate profiles, personally identifiable information, employer data, source code, and API keys. While Mercor has not confirmed the authenticity of the leaked data, it stated it is investigating the incident and is committed to resolving the matter as quickly as possible.

The breach originated from a compromise of LiteLLM, a popular open-source tool downloaded millions of times daily. For a 40-minute window, the software contained credential harvesting malware designed to steal login details. Attackers leveraged these initial credentials to access further software and accounts, expanding the scope of the intrusion through a cascading effect.

No formal assessment has been released regarding the total volume of data stolen from Mercor, but the fallout has been immediate and severe. Meta has suspended its contracts with Mercor indefinitely, citing security concerns, according to reports. This decision is significant because Mercor manages custom datasets and proprietary processes crucial for training large language models. Despite Meta's substantial investment in competitor Scale AI, it had previously maintained a working relationship with Mercor. In a slight development, OpenAI confirmed it is investigating its exposure in the breach but stated it has not yet paused or terminated its contracts. However, multiple sources indicate that other major model developers are reconsidering their relationships with Mercor.

Legal repercussions are also mounting. Five contractors have filed lawsuits over alleged personal data exposure, according to Business Insider. One lawsuit reviewed by TechCrunch names both LiteLLM and Delve, an AI compliance startup, as defendants. The legal action stems from Delve's role in providing security certifications for LiteLLM. Delve has faced its own crisis after an anonymous whistleblower accused it of falsifying security data and using rubber-stamp auditors, leading Y Combinator to sever ties with the company. Although Delve has denied the allegations and implemented operational changes, it is now undergoing scrutiny. Notably, Mercor confirmed it was never a direct customer of Delve. LiteLLM has since published a report on the security incident and is working with a new compliance partner to regain certifications.

For Mercor, the situation remains precarious. Before the breach, the company was on track to exceed $1 billion in annualized revenue. If the controversy persists and major clients continue to withdraw, the financial impact could be substantial. As Mercor navigates this crisis, the industry watches to see if it can recover its reputation and maintain its position as a leader in AI data training.
