Former WhatsApp Security Chief Sues Meta Over Privacy Lapses, Retaliation Claims

by Alexandra Agraz | Sep 10, 2025

A former head of security at WhatsApp has filed a federal lawsuit against Meta Platforms, Inc., alleging the company ignored significant flaws in the app’s digital defenses and retaliated against him for raising concerns.

The complaint was brought by Attaullah Baig, who served as WhatsApp’s head of security from 2021 until his termination in 2025. With a professional background that includes cybersecurity roles at PayPal and Capital One, Baig claims Meta failed to comply with federal privacy law and violated a 2020 Federal Trade Commission consent decree that imposed a $5 billion penalty and required the company to strengthen protections for user data.

According to the 115-page filing, Baig alleges that more than 1,500 engineers across Meta had unrestricted access to WhatsApp user data, including contacts, IP addresses, and profile photos, without detection or audit trails. He further contends that WhatsApp failed to prevent widespread account takeovers, which he estimated at more than 100,000 per day, despite his repeated warnings and proposed fixes.

The complaint states that Baig raised these issues directly with company leadership, including Will Cathcart, head of WhatsApp, and Meta CEO Mark Zuckerberg. He alleges that his concerns were disregarded and that his eventual dismissal was the result of whistleblower retaliation. Exhibits attached to the filing include internal reports and correspondence in which Baig documented security vulnerabilities and recommended reforms.

The 2020 FTC settlement followed government investigations into Facebook’s handling of user data after the Cambridge Analytica scandal. It requires Meta to maintain a comprehensive privacy program, limit access to personal data, and certify compliance until 2040. The decree remains one of the most significant privacy enforcement actions in U.S. history.

Baig brings claims of whistleblower retaliation, negligence, and violations of the FTC order. He seeks damages, attorney’s fees, and injunctive relief requiring Meta to implement stronger cybersecurity protocols.

Meta has not yet filed a response.

Alexandra Agraz
Alexandra Agraz is a former Diplomatic Aide with firsthand experience in facilitating high-level international events, including the signing of critical economic and political agreements between the United States and Mexico. She holds dual associate degrees in Humanities, Social and Political Sciences, and Film, blending a diverse academic background in diplomacy, culture, and storytelling. This unique combination enables her to provide nuanced perspectives on global relations and cultural narratives.