Ex-WhatsApp security chief files suit over privacy failures at Meta

A former Meta employee has filed a lawsuit accusing the company of allowing “systemic cybersecurity failures” at WhatsApp that put user privacy at ￰0￱ complaint, filed Monday in ￰1￱ Court for the Northern District of California, comes from Attaullah Baig, WhatsApp’s former head of ￰2￱ alleges Meta retaliated against him after he raised concerns, including those directly to CEO Mark Zuckerberg, about serious flaws in the messaging app. Ex-WhatsApp security chief claims Meta ignored privacy risks The lawsuit, filed in ￰3￱ Court for the Northern District of California, alleges that after joining WhatsApp in 2021, Baig uncovered security flaws that breached federal securities laws and Meta’s obligations under a 2020 Federal Trade Commission (FTC) privacy ￰4￱ case emerges against the backdrop of Meta’s broader legal battles, including its recent request for a ￰5￱ judge to dismiss the FTC’s antitrust ￰6￱ case accuses Meta of unlawfully consolidating power in the social media market by acquiring Instagram and ￰7￱ its defence, Meta argues the FTC has failed to provide sufficient evidence that the deals were anticompetitive or harmful to ￰8￱ company contends that Instagram and WhatsApp have thrived under its ownership, benefiting from significant investments, improved security, and enhanced ￰9￱ earlier reported by Cryptopolitan , Meta also rejects the FTC’s narrow market definition, pointing out that platforms like TikTok, YouTube, and Reddit compete directly for users’ ￰10￱ the current case, Baig claimed that in a security test with Meta’s central team, he found that about 1,500 WhatsApp engineers had unrestricted access to sensitive user data and could move or steal it without detection or audit ￰11￱ disputed Baig’s allegations in a statement and sought to downplay his position and responsibilities.

“Sadly this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team,” the spokesperson wrote. “Security is an adversarial space, and we pride ourselves in building on our strong record of protecting people’s privacy.” Whistleblower group ￰12￱ represents Baig alongside the law firm Schonbrun, Seplow, Harris, Hoffman & ￰13￱ the lawsuit does not allege that user data was directly compromised, it claims Baig repeatedly warned his superiors that WhatsApp’s cybersecurity shortcomings created serious regulatory compliance ￰14￱ issues cited are the platform’s lack of a 24-hour security operations center appropriate for its size, inadequate systems to track employee access to user data, and the absence of a comprehensive inventory of data-storing systems, making proper protection and regulatory disclosure impossible.

Baig’s attorneys argue in the lawsuit that his superiors repeatedly criticized his work and that he began receiving “negative performance feedback” just three days after his initial cybersecurity ￰15￱ last year, Baig informed the SEC of the alleged “cybersecurity deficiencies and failure to inform investors about material cybersecurity risks,” the suit says. A month later, Baig sent Zuckerberg the second of two letters, informing the CEO that he “had filed the SEC complaint” and was “requesting immediate action to address both the underlying compliance failures and the unlawful retaliation.” Meta denies allegations, calling the lawsuit a “distorted” attack on its record In January, according to the lawsuit, Baig filed a complaint with the Occupational Safety and Health Administration, noting “the systemic retaliation” he alleged he received after the security ￰16￱ next month, the complaint says Meta dismissed Baig, citing “poor performance”.

This occurred during the company’s February layoffs, which affected 5% of its ￰17￱ lawsuit argues that the timing and circumstances of Baig’s termination show a clear link to his protected ￰18￱ came soon after his external regulatory filings, capping over two years of alleged systemic retaliation over his cybersecurity disclosures and pushing for compliance with federal law and regulatory orders. Baig’s attorneys said he filed a notice on Monday to move his SEC-related claims to federal court and had already exhausted all administrative remedies before pursuing the ￰19￱ you're reading this, you’re already ￰20￱ there with our newsletter .