Civil CFAA (unauthorized access to WhatsApp infrastructure, including their relay servers, to target WhatsApp users), California's Computer Data Access & Fraud act (same, but CCDAF also has kickers like specific liability for spreading malware), breach (WhatsApp has a EULA), and trespass to chattels.

(sorry, wrote this before you fleshed out your comment, but presumably it's helpful to someone else)