Ex-WhatsApp Security Head Sues Meta Over User Privacy Failures

San Francisco, CA — A former top security executive at WhatsApp has filed a lawsuit against Meta Platforms Inc., alleging systematic failures to protect user data that compromise privacy for billions of users. Attaullah Baig, who served as WhatsApp’s head of security from 2021 to 2025, claims the company ignored critical vulnerabilities while prioritizing growth.

Filed in the U.S. District Court for the Northern District of California, the lawsuit alleges that around 1,500 WhatsApp engineers had unrestricted access to sensitive user data without proper oversight. This lack of control, Baig argues, may have violated a federal court order that imposed a $5 billion penalty on Meta in 2020.

Baig claims he discovered these and other cybersecurity flaws during internal security testing, including the inability to properly detect breaches. He indicated that these deficiencies could allow employees to move or steal user data without detection, raising concerns about compliance with privacy laws such as the GDPR.

The lawsuit also highlights Baig’s claims of retaliation after he reported these vulnerabilities. According to the suit, he faced negative performance reviews and threats of termination, ultimately being fired in February 2025. Baig’s attorneys assert that his dismissal occurred shortly after he informed company executives, including CEO Mark Zuckerberg, of his cybersecurity concerns.

In response to the lawsuit, a Meta spokesperson criticized Baig’s claims, stating they misrepresent the hard work of their security team. The spokesperson insisted that the company invests heavily in cybersecurity and regards its practices as robust.

Baig, represented by the whistleblower organization Psst.org and the law firm Schonbrun, Seplow, Harris, Hoffman and Zeldes, previously filed complaints with the Securities and Exchange Commission (SEC) and the Occupational Safety and Health Administration (OSHA). While the OSHA dismissed his complaint, Baig is now seeking reinstatement, back pay, and damages through this litigation.

This lawsuit could potentially prompt significant changes in the tech industry’s approach to user privacy, as privacy advocates are closely watching for any validated security flaws. Baig’s claims may not only affect Meta’s public image but could also invite further regulatory scrutiny and necessitate reforms across its platforms, including WhatsApp, Facebook, and Instagram.