SAN FRANCISCO: A former senior security executive at WhatsApp has filed a federal lawsuit against parent company Meta, alleging systematic cybersecurity violations and retaliatory actions.
Attaullah Baig, who served as WhatsApp’s head of security from 2021 to 2025, claims approximately 1,500 engineers had unrestricted access to user data without proper oversight.
The lawsuit alleges Meta failed to implement basic cybersecurity measures, including adequate data handling and breach detection capabilities.
Baig discovered through internal testing that WhatsApp engineers could move or steal user data without detection or audit trails.
The complaint states this data included contact information, IP addresses, and profile photos from millions of users.
Baig repeatedly raised concerns with senior executives including WhatsApp head Will Cathcart and Meta CEO Mark Zuckerberg.
He alleges facing escalating retaliation after his initial reports in 2021, including negative performance reviews and verbal warnings.
Meta terminated Baig’s employment in February 2025 for alleged poor performance according to the court filing.
The lawsuit also claims Meta blocked implementation of security features addressing account takeovers affecting an estimated 100,000 users daily.
Meta strongly disputed all allegations through WhatsApp vice president of communications Carl Woog.
Woog stated this follows a familiar pattern where dismissed employees make distorted claims about the company’s security practices.
The company maintains Baig left due to poor performance verified by multiple senior engineers.
Meta noted the Department of Labor’s Occupational Safety and Health Administration dismissed Baig’s initial complaint finding no retaliation.
The company further insisted Baig exaggerated his role and was actually a lower-level engineer at WhatsApp.
Prior to Meta, Baig worked in cybersecurity roles at PayPal, Capital One, and other major financial institutions.
This case adds to ongoing scrutiny of Meta’s data protection practices across Facebook, Instagram, and WhatsApp.
Meta agreed to a 2020 government settlement following the Cambridge Analytica scandal involving 50 million Facebook users.
The consent order from that settlement remains in effect until 2040 according to court documents.
Baig seeks reinstatement, back pay, compensatory damages, and potential regulatory enforcement action against Meta.
In a separate case reported Monday, current and former employees allege Meta suppressed research on child safety risks in virtual reality products.
Meta denies these claims, stating it prioritizes youth safety and complies with all privacy laws. – AFP