A proposed class action looks to represent Zoom Video Communications investors who were allegedly misled as to the strength of the video conferencing platform’s data privacy, security measures and end-to-end encryption. The case out of California further alleges Zoom executives, including CEO Eric Yuan, sold off “substantial portions” of their personal shares just prior to the precipitous price declines outlined by the plaintiff, when company shares were trading at “historic highs.”
According to the 35-page lawsuit, Zoom, between April 18, 2019 and April 6, 2020, issued to investors materially false and misleading statements concerning the company’s handling of user data—in particular that such is shared with third parties, including Facebook, without users’ consent—and overall security measures. The case alleges that as a result of Zoom’s misrepresentations concerning its data security, those who used the company’s “Zoom Meetings” video conferencing service were at an increased risk of having their information accessed by unauthorized parties, stressing that usage of Zoom would likely decline once the platform’s data protection inadequacies came to light.
Per the complaint, Zoom filed a Form S-1 registration statement with the Securities and Exchange Commission (SEC) in connection with its initial public offering (IPO) on March 22, 2019. After a number of amendments, Zoom’s Form S-1 was declared effective by the SEC on April 17, and the following day the company filed a prospectus on Form 424B4 that purported to provide investors with information deemed necessary in order to consider taking part in Zoom’s IPO and buying the company’s new publicly issued stock, the lawsuit states.
In its IPO supporting documents, Zoom touted, among other strengths, “robust security capabilities, including end-to-end encryption, secure login, administrative controls and role-based access controls” in addition to the ability for developers to utilize cross-platform software development kits such as those used to link users’ data to third parties like Facebook, the case says. Zoom’s IPO materials also included, however, “generic, boilerplate” representations of cybersecurity risks that the lawsuit argues amounted to catchall provisions that failed to speak to the actual known privacy and data protection weaknesses with the defendant’s platform.
The lawsuit says that while rumblings of Zoom’s cybersecurity deficiencies started floating to the surface as early as July 2019, the effects of such were minimal due to the company’s “obfuscation” and relatively lower profile. That month, the suit says, an article revealed that Zoom suffered from a flaw that allowed hackers to take over Mac users’ webcams. Upon this news, Zoom stock prices sank 1.22 percent, according to the case, a dip that was followed by another price drop when the Electronic Privacy Information Center filed with the FTC a complaint that alleged Zoom “intentionally designed their web conferencing service to bypass browser security settings and remotely enable a user’s web camera without the consent of the user.”
With the explosion of new Zoom users during the COVID-19 pandemic in March and April, however, the truth regarding the company’s privacy and security shortcomings “was more fully laid bare” as a stream of negative news reports made clear that Zoom had, according to the lawsuit, “significantly overstated” to investors and the general public the strength of its end-to-end encryption. The lawsuit alleges that the “storm of bad publicity”—namely a barrage of damning reports from Bloomberg, the New York Times, Motherboard, The Intercept, Reuters, and Apple Insider, among a number of other outlets, and the filing of at least three proposed class action lawsuits—led Zoom’s stock price to fall nearly $30 per share, or 19.62 percent, in early April.
Zoom’s turbulent April climaxed with a report from the Washington Post—who revealed that thousands of users’ personal videos had been left viewable on the open internet—and a disclosure from the company itself regarding how it “mistakenly” allowed two of its Chinese data centers to “accept calls as a backup in the event of network congestion” while it attempted to ramp up its server capacity, the suit continues. Adding to Zoom’s troubles, the company’s CEO received around the same time a letter from the House Committee on Energy and Commerce centered on concerns with Zoom’s security inadequacies, a communication that preceded by one day a less-than rosy Wall Street Journal interview in which Yuan laid bare the seeming conclusion that "[i]f we mess up again, it’s done.”
On April 6, the same day New York City schools announced they would be banning the use of Zoom in the city’s classrooms and working with the Department of Education to ensure students’ privacy—as well as the publication a Yahoo! Finance article revealing that someone posted a collection of 352 compromised Zoom accounts on the dark web—Zoom’s stock price dropped again, this time by more than four percent, the case says.
“As a result of Defendants’ wrongful acts and omissions, and the precipitous decline in the market value of the Company’s securities, Plaintiff and other Class members have suffered significant losses and damages,” the lawsuit alleges.
Touched upon lastly in the complaint is what the plaintiff calls the “substantial and suspicious” insider trading committed by Zoom executives, who allegedly sold significant portions of their personally held shares “directly prior” to when stock prices sank.
“These sales were made while Company shares were trading at historic highs, bolstered even further by the artificial inflation which had lingered hidden in the price of Zoom shares since its inception as a publicly traded company,” the case alleges, claiming the “suspiciously timed and unusual” sales pulled in a windfall for “Zoom insiders.”
The lawsuit can be read below.
Want class action news sent to your inbox? Sign up for ClassAction.org's newsletter here.