Twitter accused by whistleblower of ‘egregious misrepresentations’ to Irish Data Protection Commission

Former security chief at social media giant files whistleblower complaints

Twitter made “egregious and ongoing misrepresentations” to the Irish Data Protection Commission (DPC) and other regulators, a new whistleblower document has claimed.

The claims were made in the US by Twitter’s former head of security Peiter Zatko, a veteran hacker and security expert known as “Mudge”, to the Securities and Exchange Commission (SEC) and the Department of Justice, as well as the Federal Trade Commission (FTC).

He was hired in 2020 by Twitter co-founder and then chief executive Jack Dorsey to strengthen the company’s security after a mass hack targeted 130 high-profile Twitter accounts.

Among the most serious accusations is that Twitter violated the terms of a 2010 FTC settlement by falsely claiming that it had a strong security plan.


Mr Zatko accused Twitter and senior executives and directors of “extensive legal violations”, including making misleading statements to users, misrepresentations to investors and acting with “negligence and even complicity” toward efforts by foreign governments to infiltrate the platform, according to the complaint filed with the SEC.

He alleges that when the FTC asked Twitter whether it deleted the data of users who left the service, the social media giant deliberately misled the regulator by stating those accounts were “deactivated”, even when the data was not fully deleted.

Multibillion-dollar fines?

The whistleblower disclosure document said: “And in late 2021, Zatko sent memos to executive team members arguing that, in light of the egregious and ongoing misrepresentations to the FTC, French and Irish regulators, plus the very real possibility of multibillion-dollar fines or even bans from major markets, Privacy should become Twitter’s #1 priority.”

It is understood that, on foot of the allegations, Twitter and the DPC had a preliminary meeting on Tuesday to discuss the claims. Engagement will continue as the regulator seeks clarity on a number of points with the social media giant, said a DPC spokesman.

In a statement, Twitter denied Mr Zatko’s accusations and said that he was fired in January for poor performance and leadership. “Mr Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

The allegations come at a perilous time for Twitter, which is locked in a legal battle with Elon Musk over his efforts to walk away from a $44 billion agreement to acquire the social media company. Twitter has sued Musk to force him to close the deal, and the two sides are set to go to trial at the Delaware Chancery Court in October.

Lawyers for Mr Musk indicated that they were interested in investigating Mr Zatko’s claims. Some of his allegations are similar to Mr Musk’s contentions, focusing on the number of fake users on the platform.