Five separate lawsuits have been filed against the artificial intelligence training company Mercor in the past week, alleging the firm violated data privacy and consumer protection laws. The legal actions, submitted in federal courts in California and Texas, stem from a data breach that could have exposed contractors' personal information.

The plaintiffs, who worked as contractors for Mercor, accuse the company of failing to protect sensitive data including Social Security numbers, addresses, and recordings of interviews. The breach is linked to a security incident involving the open-source project LiteLLM, created by Berrie AI.

Allegations and Stolen Data

The lawsuits seek unspecified monetary damages for the alleged negligence. According to the complaints, hackers obtained and posted sample materials including internal Slack communications and videos of conversations between Mercor contractors and an AI system.

One plaintiff, NaTivia Esson, stated in her filing that she worked for Mercor from March 2025 to March 2026 and submitted a W-9 form containing her personal identifying information for each assignment. "She trusted the company would use reasonable measures to protect it," her complaint reads.

Broader Fallout and Industry Context

Mercor, which has used gig workers to train AI models for clients including Meta, saw its work with the Facebook parent company paused following the breach. The company declined to comment on the litigation.

Data-breach lawsuits are common, with major settlements typically ranging from $1 to $5 per class member, according to a Cornerstone Research survey of cases from 2018 to 2021. Victims with documented financial losses often receive higher compensation, and settlements can include non-monetary relief like free credit monitoring.

Additional Defendants and Future Challenges

One lawsuit also names Berrie AI and Delve Technologies, an "automated compliance" firm, as defendants. The complaint alleges a "whistleblower" exposed misconduct at Delve, which last month denied claims in an anonymous Substack post accusing it of facilitating "fake compliance."

Further legal challenges may be forthcoming. A lead-generation website, MercorClaims.com, went live around 1 April, though it does not currently direct users to a specific law firm. Berrie AI and Delve Technologies did not immediately respond to requests for comment.