Former WhatsApp Security Chief Sues Meta, Alleges Major Privacy and Data Protection Failures
Meta is facing fresh legal trouble after Attaullah Baig, WhatsApp’s former head of security, filed a whistleblower lawsuit accusing the company of systemic cybersecurity flaws that could put millions of users’ privacy at risk.
Baig claims he identified serious security lapses after joining WhatsApp in 2021 and reported them directly to senior leadership, including CEO Mark Zuckerberg. According to the lawsuit filed in the U.S. District Court for the Northern District of California, he discovered that nearly 1,500 WhatsApp engineers had unrestricted access to sensitive user data and could potentially move or extract information without detection.
The suit further alleges that Meta retaliated against Baig for raising concerns, subjecting him to negative performance reviews and eventually terminating his employment in February 2024 during a round of company layoffs. His attorneys argue that the timing clearly links his firing to his disclosures.
Although no evidence of user data misuse has been cited, Baig claims WhatsApp lacked critical safeguards, such as a 24/7 security operations center, proper monitoring systems for data access, and a reliable inventory of data storage infrastructure. He also filed complaints with the SEC and OSHA, alleging Meta failed to inform regulators and investors about material cybersecurity risks.
In response, a Meta spokesperson rejected the allegations, stating that Baig was dismissed for performance issues and that his claims misrepresent the company’s ongoing efforts to safeguard user privacy.
Baig is being represented by Psst.org and the law firm Schonbrun, Seplow, Harris, Hoffman & Zeldes. His legal team argues that the case highlights both cybersecurity compliance failures and whistleblower retaliation, potentially putting Meta under heightened regulatory scrutiny.
