Several plaintiffs filed class-action lawsuits in a California federal court on April 1 claiming damages resulting from an alleged data breach affecting Mercor, a recruiting company for artificial intelligence industry professionals.
At least four such cases appeared in the U.S. District Court for the Northern District of California this month. Each of the plaintiffs are independent contractors who used Mercor to obtain work through the company’s platform as experts to train other organizations’ AI models and chatbots.
According to documents in one of the cases, Esson v. Mercor.io Corporation, the company suffered a breach in March allegedly resulting in the loss of sensitive personal identifiable information about employees and consumers.
The plaintiffs each alleged that Mercor failed to train staff on best cybersecurity practices to prevent such a breach. They alleged damages including negligence, unjust enrichment, breach of implied contract, breach of privacy and violation of California’s Unfair Competition Law, which prohibits unlawful, unfair or fraudulent business practices.
Mercor did not immediately respond to a request for comment. The company previously confirmed the breach to Techcrunch, which reported that Mercor was one of “thousands” of companies affected by a hacking group’s exploit of LiteLLM, an open source interface for several AI platforms. Meta is among the companies that have paused work with Mercor amid the breach, Wired reported.
Plaintiffs claimed that while the precise number of affected persons is unclear, the size of the putative class is over 100 affected employees and Mercor customers. They asked for relief including certification of the class, injunctive relief and payment of out-of-pocket costs associated with prevention, detection and recovery from fraud, identity theft or unauthorized use of sensitive data, among other provisions.
Sensitive information is commonly stored in HR systems, making HR data a common target for criminals. Sources who previously spoke to HR Dive on the subject emphasized the need for organizational alignment on policies regarding data access, storage and retention. CHROs play a key role in defending against cyber attacks given that many begin as the result of phishing attacks and similar exploits involving employees, experts said.
Several attacks have affected HR recruiting operations in recent years. Background screening services provider DISA Global Solutions, Inc. disclosed a breach in early 2025 affecting more than 3.3 million users. And last August, a breach of a Michigan ManpowerGroup franchise potentially exposed the personal information of 145,000 customers.
