While Twitter is caught up in a legal battle against Elon Musk, the company's security chief until January of this year has blown the whistle on how the social media platform handles cybersecurity. The former exec, Peiter Zatko, has only been off the job for about five months. Zatko accuses Twitter of severe cybersecurity mismanagement in a complaint filed with the US Securities and Exchange Commission on July 6. The complaint has since been viewed by several news outlets, which confirmed its content.
Zatko claims that thousands of employee laptops contain complete copies of the social media platform’s source code. Furthermore, he alleges that one-third of the devices blocked automatic security fixes, had firewalls disabled, and had remote desktop access enabled for non-approved purposes. These security lapses were allowed because Twitter does not actively monitor what is downloaded on employee devices. According to Zatko, employees were repeatedly found to be intentionally installing spyware on their work computers at the request of other organizations. In addition, Zatko claims that Twitter does not reliably delete users’ data after they cancel their accounts. Perhaps most shockingly, Zatko stated that in his two years of working as Twitter’s head of security, the company had roughly one security incident each week that was serious enough that it needed to be reported to government agencies.
Read More: Ex-Security Chief Accuses Twitter of Cybersecurity Negligence