Meta, the parent company of WhatsApp, is facing fresh legal trouble after its former head of security, Attaullah Baig, filed a federal lawsuit accusing the company of downplaying critical cybersecurity flaws that exposed user data on a massive scale.
Lawsuit Alleges Lax Data Controls
Baig’s complaint claims that around 1,500 WhatsApp engineers enjoyed broad, unchecked access to highly sensitive information, including users’ private messages, location data, contacts, and profile photos. He argues that such practices violated a 2020 settlement with the Federal Trade Commission (FTC) requiring Meta to tighten its privacy protections.
According to the filing, Baig’s internal testing showed up to half a million WhatsApp accounts being compromised every day. Despite the alarming figures, he alleges that leadership—including CEO Mark Zuckerberg and WhatsApp head Will Cathcart—resisted calls for tighter oversight and monitoring systems.
Whistleblower Says Retaliation Followed
Baig contends that when he formally documented six major cybersecurity failures in October 2022, Meta retaliated instead of addressing the risks. He says the company undermined his performance reviews, blocked his projects, and ultimately dismissed him in February 2025.
Alongside the lawsuit, Baig has also taken his claims to the Securities and Exchange Commission (SEC) and the Occupational Safety and Health Administration (OSHA). He is working with Psst.org, a nonprofit that supports whistleblowers taking on powerful institutions.
Meta Pushes Back
Meta has rejected the allegations outright. The company describes Baig as a disgruntled ex-employee and insists his firing was performance-related. In a statement, Meta characterized his claims as part of a “familiar playbook” from former staff, stressing that its security standards remain robust.
Part of a Larger Pattern?
Baig’s case is the latest in a growing list of whistleblower complaints targeting Big Tech firms over how they handle user privacy. The allegations echo those made by Peiter “Mudge” Zatko, Twitter’s former security chief, who similarly accused leadership of prioritizing growth over safety.
If proven, Baig’s claims could deepen regulatory scrutiny on Meta—already under pressure from U.S. and European regulators—over whether the company is truly safeguarding the billions who rely on WhatsApp for private communication.
