A former Meta employee has filed a whistleblower lawsuit in the United States, alleging that WhatsApp suffers from serious cybersecurity weaknesses that could compromise user privacy. The suit, filed in the U.S. District Court for the Northern District of California, raises questions about whether Meta has lived up to its obligations under federal law and a 2020 privacy settlement with the Federal Trade Commission (FTC).
Allegations of Security Failures
The whistleblower, Attaullah Baig, served as WhatsApp’s head of security after joining the company in 2021. According to his lawsuit, Baig discovered systemic flaws in WhatsApp’s security infrastructure, including insufficient monitoring systems and inadequate protections for sensitive user data.
One of the most alarming claims centers on a test Baig conducted with Meta’s central security team. He alleged that roughly 1,500 WhatsApp engineers had unrestricted access to user data, including private information, and that this data could be moved or stolen without detection or audit trails.
Although the lawsuit does not allege that user data was actually compromised, it argues that the security gaps posed significant compliance risks. Baig also pointed to WhatsApp’s failure to maintain a 24-hour security operations center and its lack of a comprehensive inventory of systems storing user data.
Claims of Retaliation
Baig’s lawsuit also accuses Meta of retaliating against him after he raised these concerns. He alleges that within days of notifying superiors about the flaws, he began receiving negative performance reviews. His concerns were reportedly raised to senior leaders, including CEO Mark Zuckerberg, through multiple letters.
In November, Baig notified the U.S. Securities and Exchange Commission (SEC) about the alleged deficiencies and Meta’s failure to inform investors about cybersecurity risks. The following month, he informed Zuckerberg that he had filed an SEC complaint and requested immediate action.
According to the lawsuit, Baig then filed a complaint with the Occupational Safety and Health Administration in January, documenting what he described as “systemic retaliation.” In February, he was terminated during Meta’s round of layoffs, which affected about 5% of its workforce. The lawsuit argues that the timing of his termination was directly linked to his protected whistleblower activity.
Meta’s Response
Meta has strongly denied Baig’s claims. A company spokesperson dismissed the lawsuit, saying Baig’s role and ranking at the company were being exaggerated. The spokesperson described the allegations as “distorted claims” from a former employee dismissed for poor performance, adding that Meta has a strong track record of protecting user privacy.
“Security is an adversarial space, and we pride ourselves in building on our strong record of protecting people’s privacy,” the spokesperson said.
Legal Representation and Next Steps
Baig is represented by the whistleblower advocacy group Psst.org and the law firm Schonbrun, Seplow, Harris, Hoffman, and Zeldes. His attorneys argue that his dismissal was not about performance but rather a direct consequence of his disclosures about regulatory compliance and data security.
The lawsuit highlights broader concerns about the transparency and accountability of major tech platforms handling billions of users’ personal data. If Baig’s claims are proven in court, they could raise new questions about Meta’s compliance with regulatory requirements and its ability to safeguard user privacy.
The post Ex-Meta Employee Files Whistleblower Lawsuit Over WhatsApp Security Flaws appeared first on trendblog.net.