Meta is facing a new lawsuit from a former senior executive at WhatsApp who says the company failed to secure user information and punished him for speaking up.
What the Case Says
The suit was filed in federal court in San Francisco by Attaullah Baig, who worked as WhatsApp’s head of security from 2021 until early 2025. He claims that around 1,500 engineers had the ability to look at user information such as contact lists, IP addresses, and profile photos without meaningful checks in place.
Court filings link these practices to a 2020 privacy settlement with the Federal Trade Commission, when Meta paid $5 billion after the Cambridge Analytica scandal. Baig argues the company’s current security standards fall short of the obligations set in that order, which is binding until 2040.
Complaints About Internal Oversight
According to the lawsuit, WhatsApp lacked several basic safeguards. Among the problems listed were the absence of a 24-hour security center, limited tracking of employee access to sensitive data, and an incomplete record of systems that hold user information.
The lawsuit does not say that data was stolen, but it argues the weaknesses left open the risk of misuse and regulatory breaches.
Retaliation Alleged
Baig says he reported the issues to company leaders, including Mark Zuckerberg and WhatsApp head Will Cathcart. Soon after, he began receiving poor performance reviews and warnings. By February this year, Meta dismissed him during a round of layoffs, officially describing his work as unsatisfactory.
The complaint also says Baig contacted regulators, including the Securities and Exchange Commission and the Occupational Safety and Health Administration, about what he saw as compliance failures. His lawyers say the sequence of negative reviews and eventual termination shows a clear pattern of retaliation.
Meta’s Position and Wider Context
Meta has rejected Baig’s claims and questioned the importance of his role. The company says it continues to invest in security and privacy across all of its platforms.
This case comes at a time when Meta is under close watch from regulators over its handling of personal information. The FTC settlement reached in 2020 still governs how the company must treat user data on Facebook, Instagram, and WhatsApp.
Baig is seeking reinstatement, back pay, damages, and regulatory enforcement action.
Separate from this lawsuit, Meta is also facing claims from employees who say the company downplayed research into child safety risks linked to its virtual reality products.
Notes: This post was edited/created using GenAI tools. Image: DIW-Aigen.
Read next: Google’s Legal Filing Sparks Confusion Over the Open Web
