Lapsus$ posted a 4TB Mercor archive on April 4 2026 containing voice recordings averaging two to five minutes paired with government ID scans from more than 40 000 data-labeling and voice-verification contractors according to ORAVYS forensic index (ORAVYS Forensic intelligence April 24 2026). Five lawsuits filed within ten days allege the company framed collection as training data without disclosing permanent biometric status (ORAVYS 2026). WSJ previously stated high-quality voice cloning requires roughly 15 seconds of clean audio with off-the-shelf tools in February 2026 (Wall Street Journal 2026).

Prior voice leaks separated audio from identity mapping while ID brokers released documents without linked recordings; Mercor combined both in single database rows a linkage not emphasized in initial mainstream wires (ORAVYS 2026 KrebsOnSecurity archive). The studio-grade recordings exceed documented thresholds for tools used in confirmed 2024 Arup deepfake video call that caused 25 million dollar transfer (Hong Kong police records).

Pindrop logged 475 percent rise in synthetic voice attacks on insurance call centers during 2025; FBI IC3 reported 2.3 billion dollars in losses to emergency impersonation scams for victims over 60 in 2026 with voice synthesis as accelerating vector (Pindrop report FBI Internet Crime Complaint Center 2026). KrebsOnSecurity lists more than two dozen employer vishing cases since 2023 that match attacker patterns now enabled by the paired voice-ID dataset (KrebsOnSecurity).