4TB of Voice Data Stolen from 40,000 Mercor AI Contractors
On April 4, 2026, the hacking group Lapsus$ released a massive 4TB data archive from Mercor, a broker for AI training data, on its leak platform. This data includes voice recordings, government IDs, and selfies from more than 40,000 contractors who participated in reading and verification tasks. The breach stands out because it combines clear voice samples with authenticated identity documents, paving the way for synthetic voice cloning. According to The Wall Street Journal in February 2026, about 15 seconds of clear audio is needed for high-quality voice cloning, while Mercor's recordings typically last 2–5 minutes. These cloned voices could be exploited for fraud, including bypassing bank security, scamming, and deepfake calls. In response, five lawsuits were filed by contractors within ten days, claiming their voice data was collected under misleading pretenses. ORAVYS is providing free forensic analysis for affected individuals, utilizing advanced detection technologies.
Key facts
- Lapsus$ posted Mercor data on April 4, 2026.
- 4TB dump includes voice samples, IDs, and selfies from 40,000+ contractors.
- Mercor merged voice biometrics with government-issued identity documents.
- Voice cloning requires ~15 seconds of clean audio; Mercor recordings average 2–5 minutes.
- Five contractor lawsuits filed within ten days of the leak.
- Bank voiceprint bypass, vishing, deepfake video calls, insurance fraud, and impersonation scams are documented threats.
- 2024 Hong Kong Arup deepfake theft: $25 million stolen.
- FBI IC3 reported $2.3 billion in losses for 60+ victims in 2026.
- Pindrop saw 475% increase in synthetic voice attacks in 2025.
- ORAVYS provides free forensic scanning for Mercor victims.
Entities
Institutions
- Mercor
- Lapsus$
- Wall Street Journal
- Krebs on Security
- Arup
- Pindrop
- FBI Internet Crime Complaint Center
- ORAVYS
- Amazon
- Apple
Locations
- United States
- United Kingdom
- Hong Kong