A cyberattack on Mercor, a recruitment AI startup valued at $10 billion, has triggered legal action and customer departures. The company confirmed the breach on April 2, though details remain limited. Two lawsuits filed in California allege negligence in protecting user data. At least three major clients have terminated contracts, including a Fortune 500 firm that processed 50,000 applications via Mercor’s platform last year.
The breach exposed personal information of job seekers, including names, email addresses, and resumes. Mercor’s response included a public statement acknowledging the incident and offering affected users a year of free credit monitoring. However, the company has not disclosed the number of affected individuals or the method used by attackers to gain access.
Legal filings reveal claims that Mercor failed to implement basic security measures. One lawsuit cites a 2024 audit that flagged vulnerabilities in the company’s data storage systems. Mercor’s chief executive, Rohit Rathi, has not commented publicly since the breach was reported.
The company’s troubles extend beyond legal risks. Two venture capital firms have paused further investments pending an independent security review. A former Mercor client in Europe confirmed the termination of services, citing concerns over data handling practices.
Mercor’s valuation has dropped by 18% in private markets since the incident, according to two sources familiar with secondary trades. The company’s future now hinges on the outcome of investigations and its ability to restore trust with clients and regulators.
Source: techcrunch.com