Lapsus$ leaks biometric data of forty thousand AI workers
Summary
A 40,000-person group of AI model trainers had their biometric data leaked by the extortion group Lapsus$, including voice recordings, document scans, and verification selfies. The data belonged to Mercor, a platform that recruits contractors to train artificial intelligence models. The leak revealed that the voice recordings, which were collected for AI training purposes, could be used to create high-quality voice clones with as little as fifteen seconds of audio. This allowed for potential impersonation and fraud, as voice biometrics cannot be revoked or changed like passwords. The affected individuals were unaware their voice data would be used in this way, leaving them vulnerable to extortion or automated phone fraud. At least five class-action lawsuits were filed within ten days of the leak.
Incident Details
Unauthorized collection, tracking, or exposure of personal data and private information.
Sources
1This incident is documented by a single source. Source count reflects coverage in our monitored feeds, not the totality of reporting, and we do not evaluate publication quality.