Northern District Of California Dismisses Putative Class Action Against Social Media Company For Failure To Adequately Allege Scienter, Loss Causation
On December 20, 2021, the United States District Court for the Northern District of California dismissed a putative class action against a social media company and certain of its executives under the Securities Exchange Act. In re Facebook, Inc. Sec. Litig., No. 5:18-CV-01725-EJD, 2021 WL 6000058 (N.D. Cal. Dec. 20, 2021). Plaintiffs alleged that the company made misrepresentations relating to a data breach and with respect to users’ control of their data. The Court previously dismissed plaintiffs’ prior two complaints but granted leave to replead. Addressing plaintiffs’ third amended complaint, the Court held that plaintiffs still failed to adequately allege scienter for the data breach allegations and loss causation for the allegations about control of user data, and therefore dismissed the action without leave to replead.
With respect to the data breach allegations, plaintiffs alleged that the company made false or misleading statements concerning the risks facing the company after the data breach and the results of an investigation conducted by the company. Id. at *3. The Court emphasized that the complaint itself alleged that the entity responsible for the data breach certified that it had deleted the misappropriated data; plaintiffs therefore needed to establish why defendants should have known the certifications were false. Id. The Court held that plaintiffs’ added allegations—that the company had “embedded” three employees with a political campaign associated with the use of data from the breach—were still insufficient to establish scienter, as they failed to allege facts showing that the “embedded” employees knew the certification was false or that they raised any such concern to company executives. Id. at *4. Moreover, the Court rejected plaintiffs’ attempt to establish scienter based on allegations that a company investigation uncovered additional information about the continued misuse of user data associated with the data breach, as plaintiffs failed to sufficiently connect the company’s executives with the investigation or any specific factual information revealed through the investigation. Id. at *5.
With respect to challenged statements concerning users’ control of their data—which plaintiffs contended were false because the company allegedly continued to provide access to user data to certain third parties—the Court explained that plaintiffs failed to establish loss causation because the alleged decline in the company’s stock price occurred more than one month after the company’s alleged data access practices were publicly revealed. Id. at *7. Based on this gap in time, the Court held that plaintiffs failed to establish the necessary connection between the alleged corrective disclosure and the decline in the company’s stock price. Id.