AI startup Mercor, valued at $10 billion, has confirmed a major data breach exposing user identity documents alongside face and voice biometric data. The breach, attributed to a hacking group known as TeamPCP, was carried out through a supply chain compromise of the open-source library LiteLLM. The exposed biometric data creates immediate and serious deepfake fraud risk for affected individuals and the enterprises that rely on biometric authentication.
What Happened
Mercor, a three-year-old startup that supplies AI training data to major firms including Anthropic, OpenAI, and Meta, disclosed that attackers compromised its systems through malicious code injected into LiteLLM, an open-source tool widely used by developers to connect applications to AI model APIs. Mercor described itself as "one of thousands" of organizations impacted by the poisoned library. The company says it "moved promptly" to contain the breach and has engaged third-party forensic investigators. Meta has paused all work with Mercor while the incident is assessed.
What Was Taken
The confirmed exposure includes:
- Government-issued identity documents (passports, driver's licenses, national IDs)
- Facial biometric data (images sufficient for deepfake generation)
- Voice biometric data (audio samples sufficient for voice cloning)
- AI training datasets used by Mercor's clients, potentially including details of confidential AI projects
The combination of ID documents with matching face and voice biometrics is particularly dangerous. Unlike passwords, biometric data cannot be rotated or reset. This is a permanent compromise for every affected individual.
Why It Matters
This breach hands threat actors a turnkey deepfake toolkit. As Reality Defender CEO Ben Colman stated: "Mercor just handed bad actors the keys to creating deepfakes of countless people." Attackers no longer need to scrape social media or collect biometric samples over time. They now have high-fidelity, verified identity packages linking real documents to real biometrics.
Defenders should expect a wave of downstream attacks in the coming weeks and months, including:
- CEO and executive impersonation via cloned voices
- Synthetic identity fraud using real document templates matched with deepfaked faces
- Bypassing of KYC (Know Your Customer) and biometric authentication systems
- Social engineering campaigns using convincing video or audio deepfakes
- Potential exposure of confidential AI project details from Mercor's client base
Organizations using biometric-only verification are now directly exposed.
The Attack Technique
The intrusion leveraged a supply chain attack against LiteLLM, a popular open-source Python library that acts as a proxy layer for multiple LLM APIs. TeamPCP inserted malicious code into the library designed to harvest credentials at scale. Any organization that pulled the compromised version of LiteLLM into its environment would have unknowingly introduced the backdoor. From there, the attackers used the harvested credentials to access Mercor's data stores. This attack pattern mirrors the playbook seen in previous supply chain incidents such as SolarWinds and the XZ Utils backdoor: compromise a trusted, widely deployed dependency to reach high-value targets downstream.
What Organizations Should Do
- Audit LiteLLM usage immediately. Determine if your environment uses LiteLLM, which version is deployed, and whether compromised builds were pulled. Pin dependencies and verify checksums against known-good releases.
- Rotate all API keys and credentials that may have been exposed through LiteLLM integrations. Assume any secrets passed through the library are compromised.
- Do not rely on biometrics as a single authentication factor. Layer biometric checks with liveness detection, device binding, and behavioral analysis. Static biometric matching alone is now trivially defeatable with this dataset in the wild.
- Deploy deepfake detection on high-risk workflows. Any process that accepts video or voice verification (executive approvals, wire transfers, KYC onboarding) needs active synthetic media detection.
- Monitor for impersonation of affected individuals. If your organization shared data with Mercor, assume your people are targets. Alert employees and contractors whose biometric data may have been exposed.
- Review third-party data handling agreements. Evaluate what biometric data you are sharing with AI training vendors and whether those vendors meet your security requirements for sensitive PII.
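The first recommendation above (audit LiteLLM usage, pin the dependency, verify checksums against known-good releases) can be mechanized. The script below is an added example written for this page; it is not Mercor's or the LiteLLM project's code. It parses a requirements file, flags whether litellm is present, exactly pinned, and pinned to an allow-listed version, and verifies a downloaded artifact against a sha256sum-style digest list. The page names no specific compromised or known-good LiteLLM versions, so the allow-list entry and the artifact bytes are labelled placeholders; substitute the hashes published by the project for the release you actually install.

```python
"""Dependency audit and artifact verification for a pinned LiteLLM install.

Added example for this article, not code from Mercor or LiteLLM.
"""
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hypothetical allow-list: the article gives no version numbers, so this is a
# placeholder. Replace with the exact release(s) your review has cleared.
KNOWN_GOOD_VERSIONS = {"litellm": {"X.Y.Z-KNOWN-GOOD"}}

# name, optional [extras], optional operator, optional version; trailing
# environment markers (;) and comments (#) are ignored.
REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]+)?"
)


def parse_requirements(text):
    """Return {package: (operator, version)}; an unpinned package maps to (None, None)."""
    specs = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and pip options such as "-r other.txt".
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        m = REQ_LINE.match(line)
        if m:
            name = m.group(1).lower().replace("_", "-")
            specs[name] = (m.group(2), m.group(3))
    return specs


def audit_package(specs, package, known_good):
    """Classify one dependency: present? exactly pinned? pinned to an allow-listed version?"""
    key = package.lower()
    if key not in specs:
        return {"present": False, "pinned": False, "version": None, "known_good": None}
    op, version = specs[key]
    pinned = op == "=="
    # Only an exact pin to an allow-listed version counts: a range or a bare
    # name can resolve to a poisoned build at install time.
    return {"present": True, "pinned": pinned, "version": version,
            "known_good": pinned and version in known_good}


def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse the '<hex>  <filename>' lines written by sha256sum into {filename: hex}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and len(parts[0]) == 64:
            sums[parts[1].strip()] = parts[0].lower()
    return sums


def verify_artifact(path, sums):
    """True only if the file's digest matches the published digest for its name.
    A file with no published digest fails closed."""
    expected = sums.get(Path(path).name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of_file(path), expected)


def run_demo():
    """Run the audit on constructed inputs (not real requirements or wheels)."""
    unpinned_reqs = "# constructed requirements.txt\nrequests>=2.0\nlitellm\nopenai==1.0.0\n"
    unpinned = audit_package(parse_requirements(unpinned_reqs), "litellm",
                             KNOWN_GOOD_VERSIONS["litellm"])
    pinned = audit_package(parse_requirements("litellm==X.Y.Z-KNOWN-GOOD\n"), "litellm",
                           KNOWN_GOOD_VERSIONS["litellm"])
    with tempfile.TemporaryDirectory() as d:
        wheel = Path(d) / "litellm-X.Y.Z-KNOWN-GOOD-py3-none-any.whl"
        wheel.write_bytes(b"constructed wheel bytes, not a real package")
        # Digest list as a project would publish it, covering the genuine artifact.
        sums = parse_sha256sums(f"{sha256_of_file(wheel)}  {wheel.name}\n")
        good_ok = verify_artifact(wheel, sums)
        # Simulate a modified artifact under the same filename.
        wheel.write_bytes(wheel.read_bytes() + b"\n# injected content")
        tampered_ok = verify_artifact(wheel, sums)
    return {"unpinned": unpinned, "pinned": pinned,
            "good_ok": good_ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The unpinned case is the one to treat as a finding even when the currently installed build is clean: a bare `litellm` line re-resolves on every install, so a later poisoned release is pulled automatically. Pair the pin with a digest check of the exact wheel or sdist at install time (pip supports `--require-hashes` with `--hash` entries in the requirements file) so that a name and version match alone cannot be spoofed.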
Sources: AI company's breached biometrics, ID document images make deepfake fraud easier