A lawsuit filed by WhatsApp’s former chief of security, Attaullah Baig, was dismissed by the US District Court in Northern California last month for lack of evidence, and Baig’s team says that they plan to refile.
In the suit, Baig alleged he was fired as part of Meta’s performance-based layoffs for raising concerns about what he described as gaping security holes inside the Meta-owned chat app. His lawsuit said his firing violated SEC rules that protect whistleblowers from termination.
“The complaint does not contain sufficient facts to show that the plaintiff reported violations of SEC rules or regulations,” Judge Laurel Beeler wrote in the dismissal on March 19.
Baig had alleged that his concerns were ignored as hackers took over more than 100,000 accounts a day and that thousands of employees had access to sensitive user data, such as locations and profile photos.
Meta’s focus on performance reviews also imperiled security at WhatsApp, as employees focused on optimizing their review scores and padding numbers rather than addressing genuine security threats, Baig said in the lawsuit.
The court said it found details lacking in multiple aspects of the case. For example, Baig said he filed a form internally at Meta about serious cybersecurity issues, though he didn’t include more details about its contents in the lawsuit. The judge also ruled that Baig’s allegations don’t show retaliation by Meta CEO Mark Zuckerberg, whom Baig had raised security concerns with.
“This ruling reaffirms what we’ve said all along: These claims have no merit,” said Andy Stone, a spokesman for Meta. “We’re proud of our strong record of protecting people’s privacy and security, and will continue building on it.”
The group representing Baig, whistleblower advocacy organization Psst.org, says they plan to refile the case and that the dismissal was based on narrow technical grounds.
The judge made no finding whatsoever on the factuality of Baig’s claims, said Jennifer Gibson, the cofounder and executive director of Psst.org. Instead, the dismissal was partly because the judge declined to consider a 90-page filing Baig made to the Occupational Safety and Health Administration, or OSHA, she said.
“Mr. Baig discovered that billions of WhatsApp users’ data was at risk. He reported it internally, escalated to Mark Zuckerberg, and went to federal regulators. He was fired anyway,” Gibson said in a statement.
“He is not done fighting. The judge dismissed on technical pleading grounds, not merit, and we look forward to addressing those deficiencies to ensure Meta has to finally engage with the substance of Mr. Baig’s allegations,” she added.
The judge’s ruling said that Baig had “sufficient pleadings” regarding Nitin Gupta, Meta’s head of engineering at WhatsApp. Baig had alleged that Gupta denied him stock grants and sidelined his team in retaliation for raising security concerns.
“Thus, if the plaintiff’s claim for retaliation were not dismissed, the individual claim against Gupta would survive,” Beeler wrote.