A software engineer said he was fired for blowing the whistle on a major cybersecurity flaw. But before his case ever reached trial, it fell apart. Deleted text messages, an incomplete phone data dump, and his lawyer’s discovery missteps ended it all. The court dismissed the case and ordered the employee and his attorney to pay more than $150,000 in sanctions.
TL;DR: A federal appeals court upheld the dismissal of a retaliation lawsuit after the plaintiff and his lawyer failed to preserve key evidence. The problems included deleted Signal messages, inconsistent explanations about what happened to them, and a misleading forensic image of the plaintiff’s phone. The court said that was enough to end the case and impose serious financial penalties.
From security flaw to fired
The employee worked for a public transit agency and supported a real-time tracking system developed by an outside software vendor. One day, he found a vulnerability that allowed unauthorized access to multiple transit systems. He told his supervisor, who directed him to test it on another city’s platform.
That test worked and triggered a public alert on the other city’s Twitter feed. While the city did not take legal action, the vendor later sent a letter to the agency accusing both employees of misconduct. The agency decided to fire them that same day, although they were initially told they were only being placed on leave.
The employee later sued, claiming retaliation under a federal transit safety law. But the lawsuit quickly unraveled.
What went wrong
Deleted messages
The employee and his supervisor used the Signal app to discuss how to handle the fallout from their cybersecurity test. Just before a scheduled interview with the agency, the supervisor deleted their entire Signal thread. The employee later said his copy vanished too.
At first, he claimed that Signal automatically deleted the thread on his phone when the supervisor deleted it on his end. But the defendants produced an affidavit from a Signal executive stating that Signal did not operate that way at the time. Confronted with this, the employee changed his explanation. He then said he had manually configured his phone to delete message threads if the other party deleted them. The court found that this late-breaking claim, which he had not mentioned during depositions, lacked credibility.
More messages gone
The story didn’t end there. Nearly a year after the incident, while the lawsuit was pending, the employee enabled Signal’s “disappearing messages” feature in his conversation with the supervisor. From that point on, any new messages in that thread deleted automatically 24 hours after being read. Those messages were never recovered.
Missing phone data
The employee’s lawyer agreed to turn over a forensic image of the phone. But the first version contained only 0.2 GB of user data and excluded major categories like Signal messages, browser history, and photos. The lawyer initially insisted it was complete. But after the court ordered a second image, a new vendor recovered 25 GB of data, including previously withheld discussions about the vulnerability at the heart of the case.
Attorney conduct and court sanctions
The employee’s lawyer agreed to turn over a forensic image of his phone. But the version he provided included just 0.2 GB of data and left out major categories like Signal messages, photos, and browsing history. He insisted the image was complete, even though he had only asked the vendor to search limited dates and keywords instead of capturing everything.
When the missing data was called out, the lawyer pushed back against a second imaging and didn’t correct his earlier statements—despite growing evidence that key evidence had been left out. After the court ordered a second image, a new vendor recovered 25 GB of data, including messages related to the core claims in the case.
That led the defendants to ask for dismissal and sanctions. A magistrate judge recommended dismissal, finding that the employee had likely deleted messages—or allowed them to be deleted—after his duty to preserve them had been triggered. The judge also found that the lawyer had made misleading statements and dragged out the litigation with unnecessary delays. The district court adopted those findings, dismissed the case, and ordered more than $150,000 in penalties.
On appeal, the court backed those decisions. It said the trial judge was allowed to conclude that the missing messages were deliberately erased and that the lawyer’s behavior during discovery made things worse. The court also said it was fair to award fees to cover the extra time and costs caused by the discovery mess.
Lessons for employers and the lawyers who advise them
Preserve what matters and know where it lives
Once litigation is reasonably anticipated, employers have a duty to preserve relevant evidence. That includes data from encrypted or self-deleting apps if employees used them for work. Have a clear litigation hold process, and don’t assume personal devices are off-limits.
Get discovery right the first time
Courts expect full and accurate production of relevant data. If both sides agree to limit a forensic image using keywords or date filters, make sure that agreement is clearly documented—and that your production reflects those limits honestly. Misrepresenting a filtered dataset as “complete” is what caused this case to implode.
Lawyer mistakes can be fatal
This case was not dismissed because of the underlying facts. It was dismissed because discovery was handled poorly. Courts can hold clients responsible for their lawyer’s conduct, especially when evidence goes missing.
Competence includes tech competence
Under Model Rule 1.1, lawyers must provide competent representation, which includes keeping up with relevant technology. That means understanding how encrypted messaging works, what a forensic image should include, and how to manage e-discovery vendors. If you don’t know, find someone who does.
Bottom line
Even a strong case can fall apart if the tech isn’t handled right. When relevant data disappears and discovery goes sideways, courts don’t just get frustrated—they dismiss the case and impose sanctions. If your team doesn’t understand how encrypted apps or forensic imaging work, you’re taking a serious risk.