Mercor
March 24, 2026
•[ supply-chain compromise, data leak, source code theft ]
Mercor confirmed it was affected by the LiteLLM supply-chain compromise linked to TeamPCP. Lapsus$ claimed to have stolen more than 4 TB of Mercor data, including a 200+ GB database, nearly 1 TB of source code, and 3 TB of videos and other information; TechCrunch reviewed a sample containing Slack data, ticketing data, and apparent contractor-video material, while Mercor said it contained and remediated the incident and was investigating with outside forensics experts.
Target
January 12, 2026
•[ data leak, source code theft, internal documentation ]
BleepingComputer reported that multiple current and former Target employees confirmed that source code and documentation posted online by a threat actor match real internal systems. Employees cited internal system names, platform references, and CI/CD tooling elements in the leaked sample that aligned with Targets development environment, and an internal communication referenced an accelerated security change restricting access to Targets Enterprise Git server shortly after the outlet contacted the company. The incident as described involves alleged theft and publication of internal repositories and development documentation rather than an outage or consumer-facing service disruption.
