French data regulator investigates Twitter's "egregious" data security

The authority will investigate allegations made by Twitter’s former head of security.

France’s data protection watchdog CNIL is investigating a whistleblower’s claims that Twitter made “egregious” misrepresentations to international regulators about its data security measures, according to a report in POLITICO.

“The CNIL is currently studying the complaint filed to the US Securities and Exchange Commission, the Federal Trade Commission and the US Department of Justice,” the French agency said in a statement Wednesday. “If the accusations are correct, the CNIL could take action leading to legal proceedings or a sanction, if it’s clear there were breaches.”

The Washington Post first reported Tuesday that Twitter’s former head of security Peiter Zatko made the accusations in a complaint alleging that the tech company violated the terms of a settlement with the US Federal Trade Commission by falsely claiming it had a solid security plan. Zatko also said that privacy should become Twitter’s number one priority “in light of the egregious and ongoing misrepresentations to the FTC, French and Irish regulators”, according to the complaint.

Whistleblower’s complaint is backed by hacking expertise

In his complaint, Zatko, a widely admired hacker known as ‘Mudge’, depicts Twitter as a “chaotic and rudderless company” plagued by infighting and unable to properly protect its 238 million daily users, according to the Washington Post article.

The complaint also says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks. Those included the commandeering of accounts held by high-profile users such as Elon Musk and former presidents Barack Obama and Donald Trump.

A CNIL spokesperson said the regulator only learned of the allegations on Tuesday through the Washington Post report. Ireland’s data watchdog also met with Twitter representatives after the reports on Zatko’s claims.

One of Zatko’s alleged ‘misrepresentations’ was an update to the platform late last year to comply with orders from the CNIL, which Zatko said was “blocked [from] rolling out” for a month “in order to extract maximum profit from French users”. Twitter has denied Zatko’s allegations, according to POLITICO.

French data regulator investigates Twitter’s “egregious” data security

Whistleblower’s complaint is backed by hacking expertise

Stay tuned, subscribe!

Synthetic data and the risk of ‘model collapse’

Oracle introduces AI Agent Studio for Fusion Cloud Applications

Nvidia GTC 2025 roundup: Blackwell Ultra, HPE, Cisco and more

E-commerce solutions provider puts its own portfolio on display

Intel and Altera aim to bring AI to edge computing with new series of chips

RFID gives optimal insight and overview in both store and warehouse

Manhattan Associates provides supply chain software, is it more than a fancy name?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices

Are you data and AI ready?

Technology 2023: Four areas of focus

GovKube 25

IT Master in één Dag

Atlassian Team ’25

VeeamON 2025

GITEX ASIA

SAS Innovate 2025

Cloud Account Executive – Slack

AI & Data Architect

Senior Account Solution Architect