AI hiring platform Mercor has been hit by a cybersecurity incident, prompting Meta to suspend its collaboration with the company while the situation is investigated.
The breach has been linked to a wider supply-chain attack involving a compromise to LiteLLM, an open-source tool used by developers to connect applications with AI systems. Mercor confirmed that it was among many organisations affected by this compromise and said it acted quickly to contain the issue and begin remediation efforts. The company is now working with external forensic experts to assess the full impact.
Mercor plays a key role in the AI ecosystem by supplying trained human contractors and curated datasets used to build and refine AI models for major technology companies. Because this data is often sensitive and proprietary, the breach has raised concerns across the industry about potential exposure of valuable information.
In response, Meta has halted its work with Mercor for the time being. The pause reflects increasing caution among large tech firms when dealing with third-party vendors, especially in areas involving critical data and AI development. Other companies are also reviewing their relationships with Mercor as more details about the incident emerge according to wired.
Cybersecurity experts warn that the attack could be part of a broader campaign. Reports suggest that the group behind the breach may attempt to collaborate with ransomware operators to target affected organisations more aggressively, raising the risk of further disruptions by hacking groups like TeamPCP.
The incident highlights the growing vulnerabilities in the AI supply chain, particularly when widely used open-source tools are compromised. It also underscores how a single security lapse can have ripple effects across multiple companies and partnerships in the fast-growing AI industry.
Common cyberattack risks facing recruitment companies
Recruitment firms handle large volumes of sensitive personal and corporate data, making them prime targets for cyberattacks. Some of the most common threats include:
- Supply chain attacks Cybercriminals target third-party software providers (such as applicant tracking systems, payroll tools, or CRM platforms) to gain indirect access to multiple recruitment agencies at once.
- Data breaches Recruitment databases contain highly sensitive candidate information (CVs, contact details, salary data), making them attractive targets for data theft and exfiltration.
- Phishing and social engineering Attackers impersonate candidates, clients, or internal staff to trick employees into revealing login credentials or transferring sensitive information.
- Credential theft and account takeover Weak passwords or reused credentials can allow attackers to access recruiter accounts, exposing candidate and client data.
- Ransomware attacks Cybercriminals may encrypt candidate databases or internal systems, disrupting operations and demanding payment to restore access.
- Insider threats Employees or contractors with access to sensitive data may intentionally or accidentally misuse it, leading to data leaks or compliance issues.
- API exploitation Poorly secured integrations between recruitment platforms and third-party systems can be exploited to gain unauthorised access or extract data.
- Business email compromise (BEC) Attackers may hijack or spoof email accounts to redirect payments, manipulate invoices, or impersonate senior staff.
How recruitment companies can defend against these attacks
- Strengthen supply chain security Carefully vet third-party vendors, monitor system integrations, and ensure partners follow strong security standards.
- Protect sensitive candidate data Encrypt personal data both in transit and at rest, and limit access based on roles and responsibilities.
- Train staff to detect phishing Regularly educate recruiters and admin teams on identifying suspicious emails, links, and requests.
- Enforce strong authentication Use multi-factor authentication (MFA) and strong password policies to prevent unauthorised access.
- Secure systems and databases Keep applicant tracking systems and internal tools updated with the latest security patches.
- Implement access controls Restrict data access to only those who need it, reducing the risk of insider threats.
- Protect APIs and integrations Use secure authentication, monitor usage, and limit permissions for connected systems.
- Regular security testing Conduct penetration testing and vulnerability assessments to identify weaknesses before attackers do.
- Monitor and log activity Use real-time monitoring to detect unusual behaviour, such as large data exports or suspicious login attempts.
- Develop incident response plans Prepare clear procedures to respond quickly to breaches, minimise disruption, and meet regulatory obligations.
More information and resources for strengthening your cyber security can be found at cyberheroes.co.uk
