Former WhatsApp Security Head Sues Meta Over Alleged Data Access Violations
SAN FRANCISCO — Attaullah Baig, who led WhatsApp’s security team from 2021 to 2025, has filed a lawsuit against Meta, alleging that roughly 1,500 engineers had unrestricted access to user data without proper oversight. The complaint suggests this may have violated a 2020 U.S. government order that fined the company $5 billion.
Filed in federal court in San Francisco, the 115-page lawsuit claims that Meta failed to implement basic cybersecurity measures, including proper data handling and breach detection systems. According to the filing, Baig discovered during internal security tests that WhatsApp engineers could move or steal user information — including contacts, IP addresses, and profile photos — “without detection or audit trail.”
Baig says he repeatedly raised his concerns with senior executives, including WhatsApp head Will Cathcart and Meta CEO Mark Zuckerberg, but faced escalating retaliation. He alleges negative performance reviews, verbal warnings, and ultimately his termination in February 2025 for alleged “poor performance.”
The lawsuit also claims Meta blocked the implementation of security features designed to prevent account takeovers, which reportedly affected about 100,000 WhatsApp users daily, choosing instead to prioritize user growth.
Meta strongly denied the allegations. “Sadly, this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team,” WhatsApp VP of Communications Carl Woog told AFP. He added that the company prides itself on protecting user privacy and that Baig’s work was independently assessed as below expectations.
Meta also noted that the Department of Labor’s Occupational Safety and Health Administration dismissed Baig’s initial complaint, finding no evidence of retaliation.
Baig, who previously worked in cybersecurity roles at PayPal and Capital One, filed complaints with federal regulators, including the Securities and Exchange Commission, before pursuing this lawsuit. He is seeking reinstatement, back pay, compensatory damages, and potential regulatory action against Meta.
The case comes amid ongoing scrutiny of Meta’s data protection practices across Facebook, Instagram, and WhatsApp, which collectively serve billions of users worldwide. The 2020 government settlement, following the Cambridge Analytica scandal, remains in effect until 2040.
In a separate case first reported Monday by the Washington Post, current and former Meta employees alleged the company suppressed research on child safety risks in its virtual reality products. Meta denies these claims, stating it prioritizes youth safety and complies with privacy laws.
Mutib Khalid is a skilled content writer and digital marketer with a knack for crafting compelling narratives and optimizing digital strategies. Excel in creating engaging content that drives results and enhances online presence. Passionate about blending creativity with data-driven approaches, Mutib Khalid helps brands connect with their audience and achieve their goals.