The extortion group Lapsus$ leaked four terabytes of data from Mercor, exposing voice recordings and government-issued identification documents belonging to 40,000 AI training contractors on April 4, 2026.

Key Points

• The leaked archive contains studio-quality voice samples paired with verified identity documents, providing all necessary components for high-fidelity synthetic voice cloning.
• Attackers can use this data to bypass bank voice-verification systems, commit insurance fraud, or conduct sophisticated vishing attacks against employers.
• The breach exposes 40,000 contractors who previously performed data labeling and verification tasks for AI development companies.
• Experts recommend that victims disable voice-based authentication at banks and establish private verbal codewords with family members to prevent impersonation.
• Forensic analysis tools, such as those provided by ORAVYS, can detect synthetic audio by identifying irregularities in breath patterns, prosody, and spectral signatures.

Why it Matters

This breach represents a significant escalation in identity theft because it combines biometric audio with verified personal credentials, enabling highly convincing deepfake impersonations. The incident highlights the growing security risks associated with the massive data collection pipelines required to train modern artificial intelligence models.