• Senators advanced a bill that would give prosecutors more time to bring pandemic fraud cases.
• They cited Business Insider's reporting on potential misuse of Shuttered Venue Operators Grant funds.
• The Small Business Administration says 69% of the $14.6 billion SVOG program may have been misspent.

Lawmakers just came closer to giving US prosecutors more time to pursue billions of dollars in suspected pandemic-aid fraud tied to restaurants and live entertainment — and cited Business Insider's investigation into how those funds were used by celebrities.

Senators passed a long-delayed bill on Wednesday night that would extend the statute of limitations for fraud tied to two relief programs: the $28.6 billion Restaurant Revitalization Fund and the $14.6 billion Shuttered Venue Operators Grant.

The bill would put the programs on the same legal footing as bigger, better-known pandemic aid packages that lost as much as $200 billion to fraud, like the Paycheck Protection Program. If it becomes law, prosecutors will have 10 years to bring charges of defrauding the programs, instead of the usual five.

Earlier this week, the Government Accountability Office reported that as much as $10 billion from SVOG funds may have been improperly paid out, which is more than 200 times larger than a fraud estimate the Small Business Administration published three years ago.

Business Insider previously reported that hundreds of millions of dollars were paid out to successful artists like Lil Wayne, Post Malone, metal legends Alice in Chains, and DJs including Steve Aoki and Marshmello. They used the money on private jets, luxury clothes, and payments to themselves, according to the investigation.

Sen. Joni Ernst, an Iowa Republican who has been the bill's main advocate, invoked that reporting in remarks on the Senate floor on Wednesday.

"For fraudsters, time flies when you're having fun," she said. "Look no further than rapper Chris Brown, who exploited the SVOG program to pay for his lavish $80,000 birthday party and paid himself $5 million in the process."

Lawyers and representatives for Brown didn't respond to requests for comment. Previously, in response to Business Insider's late 2024 investigation, an attorney for the accounting and wealth management firm that helped Brown's company get a federal grant, NKSFB, called Business Insider's questions "uninformed" and didn't answer them.

COVID fraud cases get more time

The bill passed with an amendment that would require enforcement to be "carried out in a nonpartisan manner," said Sen. Ed Markey, the top Democrat on the small-business committee that Ernst chairs.

The SBA has said that 70% of the restaurant support funds paid out by the RRF program were proper, but that it's "unknown" whether the remaining $8.7 billion was legally paid to eligible recipients. The agency's inspector general previously said more than $6 billion was paid out without doing enough to verify that recipients qualified for the money.

The agency has previously defended cutting checks under the shuttered venues program to "loan-out companies" used by big-name artists to ink performance deals.

Recipients included Broadway shows, arts companies, and cultural institutions that asked Congress for help paying bills they'd run up during the year-plus when public gatherings were limited because of the COVID-19 pandemic. The law also allowed payments to lesser-known groups, like talent agents.

There was no requirement that recipients be on the brink of bankruptcy. One Texas concert promoter received a $10 million grant in July 2021. About four months later, he bought a home for $2.1 million in cash.

The law creating SVOG allowed grant recipients to use the money for a broad range of purposes, including expenses deemed "ordinary and necessary" as well as compensation to the owners of for-profit businesses that received the money.

The new estimate of $10 billion in payment errors amounts to about two-thirds of the program's entire budget. SBA officials said that $4.5 billion of that was overpayments to businesses that "did not align with the established statutory guidelines" for payment. They also found errors with the monitoring of recipients' spending.

In 2023, the Biden administration said that one-third of 1% of the entertainment grants were "likely fraudulent." Government watchdogs say only some "improper payments" amount to fraud, so the new number isn't an apples-to-apples comparison with the 2023 figure.

More than 2,000 people have been sentenced for defrauding pandemic aid programs. The SBA inspector general has said many more cases are pending.

• Contractors said in at least five lawsuits that AI training startup Mercor exposed their data to hackers.
• Mercor said last week it was "impacted" by compromised LiteLLM software.
• One of the suits seeks to hold LiteLLM, security audit firm Delve, and others liable.

Contractors filed five lawsuits against Mercor, the AI training firm valued at $10 billion, in the past week, accusing the company of violating data privacy and consumer protection laws.

The suits, filed in federal courts in California and Texas, allege Mercor's negligence could have resulted in the disclosure of Social Security numbers, addresses, and other information, including recordings of interviews, to bad actors.

The lawsuits seek unspecified monetary damages.

Mercor said last week that it was impacted by a breach of the open-source project LiteLLM, which was created by Berrie AI, without describing the stolen data.

Techcrunch reported that sample materials posted by the hackers included Slack data and videos of conversations between Mercor contractors and an AI system.

It's somewhat common for companies to be sued in the wake of a data breach. The biggest cases have settled for between $1 and $5 per class member, according to a survey of data-breach settlements from 2018 to 2021 by Cornerstone Research.

Victims with documented financial losses are sometimes paid more. Some settlements include non-monetary relief, like free credit monitoring.

A lawsuit filed by NaTivia Esson and her lawyers at Strauss Borrelli says she worked for Mercor from March 2025 to March 2026 and filled out a W-9 form with her personal identifying information each time she got work. She "trusted the company would use reasonable measures to protect it," her complaint read.

"Because of the data breach, plaintiff anticipates spending considerable amounts of time and money to try and mitigate her injuries."

Mercor declined to comment.

Mercor has used gig workers to train AI for clients including Meta, Facebook's parent company. Meta paused its work with Mercor after the data breach, Business Insider previously reported.

One suit against Mercor also names Berrie AI and Delve Technologies, an "automated compliance" firm that had previously certified Berrie's compliance with certain industry standards, as defendants. The complaint in that case said a "whistleblower" exposed misconduct at Delve.

Last month, Delve denied claims in an anonymously authored Substack post that accused it of facilitating "fake compliance" and arranging sham security audits.

Other legal challenges for Mercor might be on the horizon. An apparent lead-generation website, MercorClaims.com, went live on or around April 1, although it does not appear to be sending users to any particular law firm.

Berrie AI and Delve didn't immediately respond to requests for comment.