Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 1 of 28
`
`
`
`POMERANTZ LLP
`Jennifer Pafiti (SBN 282790)
`1100 Glendon Avenue, 15th Floor
`Los Angeles, California 90024
`Telephone: (310) 405-7190
`jpafiti@pomlaw.com
`
`Attorney for Plaintiff
`
`[Additional Counsel on Signature Page]
`
`
`
`UNITED STATES DISTRICT COURT
`NORTHERN DISTRICT OF CALIFORNIA
`
`
`
`MICHAEL DRIEU, Individually and On
`Behalf of All Others Similarly Situated,
`
`
`Plaintiff,
`
`
`Case No.
`
`CLASS ACTION
`
`COMPLAINT FOR VIOLATIONS OF
`THE FEDERAL SECURITIES LAWS
`
`DEMAND FOR JURY TRIAL
`
`
`
`v.
`
`
`ZOOM VIDEO COMMUNICATIONS,
`INC., ERIC S. YUAN, and KELLY
`STECKELBERG,
`
`
`Defendants.
`
`
`
`
`
`
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 2 of 28
`
`
`
`Plaintiff Michael Drieu (“Plaintiff”), individually and on behalf of all other persons
`
`similarly situated, by Plaintiff’s undersigned attorneys, for Plaintiff’s complaint against
`
`Defendants, alleges the following based upon personal knowledge as to Plaintiff and Plaintiff’s
`
`own acts, and information and belief as to all other matters, based upon, inter alia, the investigation
`
`conducted by and through Plaintiff’s attorneys, which included, among other things, a review of
`
`the Defendants’ public documents, conference calls and announcements made by Defendants,
`
`United States Securities and Exchange Commission (“SEC”) filings, wire and press releases
`
`published by and regarding Zoom Video Communications, Inc. (“Zoom” or the “Company”),
`
`analysts’ reports and advisories about the Company, and information readily obtainable on the
`
`Internet. Plaintiff believes that substantial evidentiary support will exist for the allegations set
`
`forth herein after a reasonable opportunity for discovery.
`
`NATURE OF THE ACTION
`
`1.
`
`This is a federal securities class action on behalf of a class consisting of all persons
`
`other than Defendants who purchased or otherwise acquired Zoom securities between April 18,
`
`2019 and April 6, 2020, both dates inclusive (the “Class Period”), seeking to recover damages
`
`caused by Defendants’ violations of the federal securities laws and to pursue remedies under
`
`Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 (the “Exchange Act”) and Rule
`
`10b-5 promulgated thereunder, against the Company and certain of its top officials.
`
`2.
`
`Zoom was founded in 2011 and is headquartered in San Jose, California. The
`
`Company was formerly known as Zoom Communications, Inc. and changed its name to Zoom
`
`Video Communications, Inc. in May 2012.
`
`3.
`
`Zoom provides a video communications platform application (“app”) that allows
`
`users to interact with each other primarily in the Americas, the Asia Pacific, Europe, the Middle
`
`East, and Africa. Users may connect through frictionless video, voice, chat, and content sharing.
`
`1
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 3 of 28
`
`
`
`The Company’s cloud-native platform enables face-to-face video experiences and connects users
`
`across various devices and locations in a single meeting. The Company serves education,
`
`entertainment/media, enterprise infrastructure, finance, healthcare, manufacturing, non-profit/not
`
`for profit and social impact, retail/consumer products, and software/Internet industries, as well as
`
`individuals.
`
`4.
`
`On March 22, 2019, Zoom filed a registration statement on Form S-1 with the SEC
`
`in connection with its initial public offering (“IPO”), which, after several amendments, was
`
`declared effective by the SEC on April 17, 2019 (the “Registration Statement”).
`
`5.
`
`On April 18, 2019, Zoom filed a prospectus on Form 424B4 with the SEC in
`
`connection with its IPO, which purported to provide information necessary for investors to
`
`consider before partaking in its IPO and purchasing the Company’s newly publicly-issued stock
`
`(collectively with the Registration Statement, the “Offering Documents”).
`
`6.
`
`That same day, Zoom conducted its IPO and began trading publicly on the Nasdaq
`
`Global Select Market (“NASDAQ”) under the ticker symbol “ZM.” Pursuant to Zoom’s IPO, the
`
`Company sold 9.91 million of the Company’s shares to the public at the offering price of $36.00
`
`per share.
`
`7.
`
`Throughout the Class Period, Defendants made materially false and misleading
`
`statements regarding the Company’s business, operational and compliance policies. Specifically,
`
`Defendants made false and/or misleading statements and/or failed to disclose that: (i) Zoom had
`
`inadequate data privacy and security measures; (ii) contrary to Zoom’s assertions, the Company’s
`
`video communications service was not end-to-end encrypted; (iii) as a result of all the foregoing,
`
`users of Zoom’s communications services were at an increased risk of having their personal
`
`information accessed by unauthorized parties, including Facebook; (iv) usage of the Company’s
`
`video communications services was foreseeably likely to decline when the foregoing facts came
`
`2
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 4 of 28
`
`
`
`to light; and (v) as a result, the Company’s public statements were materially false and misleading
`
`at all relevant times.
`
`8.
`
`The truth about the deficiencies in Zoom’s software encryption began to come to
`
`light as early as July 2019. However, due in large part to the Company’s obfuscation, it was not
`
`until the COVID-19 pandemic in March and April of 2020, with businesses and other organizations
`
`increasingly relying on Zoom’s video communication software to facilitate remote work activity
`
`as governments increasingly implemented shelter-in-place orders, that the truth was more fully
`
`laid bare in a series of corrective disclosures. As it became clear through a series of news reports
`
`and admissions by the Company that Zoom had significantly overstated the degree to which its
`
`video communication software was encrypted, and organizations consequently prohibited its
`
`employees from utilizing Zoom for work activities, the Company’s stock price plummeted,
`
`damaging investors.
`
`9.
`
`As a result of Defendants’ wrongful acts and omissions, and the precipitous decline
`
`in the market value of the Company’s securities, Plaintiff and other Class members have suffered
`
`significant losses and damages.
`
`JURISDICTION AND VENUE
`
`10.
`
`The claims asserted herein arise under and pursuant to Sections 10(b) and 20(a) of
`
`the Exchange Act (15 U.S.C. §§ 78j(b) and 78t(a)) and Rule 10b-5 promulgated thereunder by the
`
`SEC (17 C.F.R. § 240.10b-5).
`
`11.
`
`This Court has jurisdiction over the subject matter of this action pursuant to 28
`
`U.S.C. § 1331 and Section 27 of the Exchange Act.
`
`12.
`
`Venue is proper in this Judicial District pursuant to Section 27 of the Exchange Act
`
`(15 U.S.C. § 78aa) and 28 U.S.C. § 1391(b). Zoom is headquartered in this Judicial District,
`
`3
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 5 of 28
`
`
`
`Defendants conduct business in this Judicial District, and a significant portion of Defendants’
`
`activities took place within this Judicial District.
`
`13.
`
`In connection with the acts alleged in this complaint, Defendants, directly or
`
`indirectly, used the means and instrumentalities of interstate commerce, including, but not limited
`
`to, the mails, interstate telephone communications, and the facilities of the national securities
`
`markets.
`
`PARTIES
`
`14.
`
`Plaintiff, as set forth in the attached Certification, acquired Zoom securities at
`
`artificially inflated prices during the Class Period and was damaged upon the revelation of the
`
`alleged corrective disclosures.
`
`15.
`
`Defendant Zoom is a Delaware corporation with principal executive offices located
`
`at 55 Almaden Boulevard, 6th Floor, San Jose, California 95113. Zoom securities trade in an
`
`efficient market on the NASDAQ under the ticker symbol “ZM.”
`
`16.
`
`Defendant Eric S. Yuan (“Yuan”) has served as Zoom’s President and Chief
`
`Executive Officer at all relevant times.
`
`17.
`
`Defendant Kelly Steckelberg (“Steckelberg”) has served as Zoom’s Chief Financial
`
`Officer at all relevant times.
`
`18.
`
`Defendants Yuan and Steckelberg are sometimes referred to herein as the
`
`“Individual Defendants.”
`
`19.
`
`The Individual Defendants possessed the power and authority to control the
`
`contents of Zoom’s SEC filings, press releases, and other market communications. The Individual
`
`Defendants were provided with copies of Zoom’s SEC filings and press releases alleged herein to
`
`be misleading prior to or shortly after their issuance and had the ability and opportunity to prevent
`
`their issuance or to cause them to be corrected. Because of their positions with Zoom, and their
`
`4
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 6 of 28
`
`
`
`access to material information available to them but not to the public, the Individual Defendants
`
`knew that the adverse facts specified herein had not been disclosed to and were being concealed
`
`from the public, and that the positive representations being made were then materially false and
`
`misleading. The Individual Defendants are liable for the false statements and omissions pleaded
`
`herein.
`
`20.
`
`Zoom and the Individual Defendants are sometimes collectively referred to herein
`
`as “Defendants.”
`
`SUBSTANTIVE ALLEGATIONS
`
`Background
`
`21.
`
`Zoom was founded in 2011 and is headquartered in San Jose, California. The
`
`Company was formerly known as Zoom Communications, Inc. and changed its name to Zoom
`
`Video Communications, Inc. in May 2012.
`
`22.
`
`Zoom provides a video communications app that allows users to interact with each
`
`other primarily in the Americas, the Asia Pacific, Europe, the Middle East, and Africa. Users may
`
`connect through frictionless video, voice, chat, and content sharing. The Company’s cloud-native
`
`platform enables face-to-face video experiences and connects users across various devices and
`
`locations in a single meeting. The Company serves education, entertainment/media, enterprise
`
`infrastructure, finance, healthcare, manufacturing, non-profit/not for profit and social impact,
`
`retail/consumer products, and software/Internet industries, as well as individuals.
`
`23.
`
`On March 22, 2019, Zoom filed the Registration Statement on Form S-1 with the
`
`SEC in connection with its IPO, which, after several amendments, was declared effective by the
`
`SEC on April 17, 2019.
`
`5
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 7 of 28
`
`
`
`24.
`
`On April 18, 2019, Zoom filed a prospectus on Form 424B4 with the SEC in
`
`connection with its IPO, which purported to provide information necessary for investors to
`
`consider before partaking in its IPO and purchasing the Company’s newly publicly-issued stock.
`
`25.
`
`That same day, Zoom conducted its IPO and began trading publicly on the
`
`NASDAQ under the ticker symbol “ZM.” Pursuant to Zoom’s IPO, the Company sold 9.91
`
`million of the Company’s shares to the public at the offering price of $36.00 per share.
`
`Materially False and Misleading Statements Issued During the Class Period
`
`26.
`
`The Class Period begins on April 18, 2019, when Zoom conducted its IPO and its
`
`shares began publicly trading on the NASDAQ pursuant to the materially false or misleading
`
`statements or omissions contained in the Offering Documents. In the Offering Documents,
`
`Defendants touted that Zoom’s “unique technology and infrastructure enable [inter alia] best-in-
`
`class reliability,” and that Zoom “offer[s] robust security capabilities, including end-to-end
`
`encryption, secure login, administrative controls and role-based access controls” (emphasis
`
`added).
`
`27.
`
`Additionally, the Offering Documents touted that “[o]ne of the most important
`
`features of [Zoom’s] platform is its broad interoperability with a range of diverse devices,
`
`operating systems and third-party applications”; that its “platform is accessible from the web and
`
`from devices running Windows, Mac OS, iOS, Android and Linux”; that the Company has
`
`“integrations with [inter alia] . . . a variety of other productivity, collaboration, data management
`
`and security vendors”; and that the Company “provide[s], develop[s] and create[s] applications for
`
`[its] platform partners that integrate[s] [its] platform with [its] partners’ various offerings.”
`
`28.
`
`The Offering Documents also touted that, as part of Zoom’s growth strategy, the
`
`Company “enable[s] developers to embed our platform into their own offerings through [inter alia]
`
`6
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 8 of 28
`
`
`
`. . . [its] cross-platform software development kits (SDKs),” such as those the Company used, or
`
`would eventually use, when linking users’ data to Facebook.
`
`29.
`
`Additionally, the Offering Documents generally touted that Zoom’s “cloud-native
`
`platform delivers reliable, high-quality video that is easy to use, manage and deploy, provides an
`
`attractive return on investment, is scalable and easily integrates with physical spaces and
`
`applications”; that such “rich and reliable communications lead to interactions that build greater
`
`empathy and trust”; and that Defendants “strive to live up to the trust our customers place in us by
`
`delivering a communications solution that ‘just works.’”
`
`30.
`
`The Offering Documents also assured investors that Zoom “strive[s] to comply with
`
`applicable laws, regulations, policies and other legal obligations relating to privacy, data protection
`
`and information security to the extent possible.”
`
`31.
`
`Finally, the Offering Documents contained generic, boilerplate representations
`
`concerning Zoom’s risks related to cybersecurity, data privacy, and hacking, noting that the
`
`Company’s “security measures have on occasion, in the past, been, and may in the future be,
`
`compromised”; that “[c]onsequently, our products and services may be perceived as not being
`
`secure,” which “may result in customers and hosts curtailing or ceasing their use of our products,
`
`our incurring significant liabilities and our business being harmed”; and that “actual or perceived
`
`failure to comply with privacy, data protection and information security laws, regulations, and
`
`obligations could harm our business.” Plainly, the foregoing risk warnings were generic “catch-
`
`all” provisions that were not tailored to Zoom’s actual known risks concerning weaknesses in its
`
`cybersecurity and data protection systems.
`
`32.
`
`On June 7, 2019, Zoom filed its first Quarterly Report on Form 10-Q with the SEC
`
`following its IPO, reporting the Company’s financial and operating results for the quarter ended
`
`April 30, 2019 (the “1Q20 10-Q”). The 1Q20 10-Q contained substantively the same statements
`
`7
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 9 of 28
`
`
`
`referenced in ¶¶ 27 and 29-31, supra, touting the way Zoom interacts with various operating
`
`systems and third-party applications, the trust its platform builds with customers and users, and
`
`the Company’s efforts relating to privacy, data protection and information security; and providing
`
`generic “catch-all” provisions that were not tailored to Zoom’s actual known risks concerning
`
`weaknesses in its cybersecurity and data protection systems.
`
`33.
`
`Appended as an exhibit to the 1Q20 10-Q were signed certifications pursuant to the
`
`Sarbanes-Oxley Act of 2002 (“SOX”), wherein the Individual Defendants certified that the 1Q20
`
`10-Q “fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange
`
`Act of 1934 and that information contained in [the 1Q20 10-Q] fairly presents, in all material
`
`respects, the financial condition and results of operations of Zoom.”
`
`34.
`
`The statements referenced in ¶¶ 26-33 were materially false and misleading because
`
`Defendants made false and/or misleading statements, as well as failed to disclose material adverse
`
`facts about the Company’s business, operational and compliance policies. Specifically,
`
`Defendants made false and/or misleading statements and/or failed to disclose that: (i) Zoom had
`
`inadequate data privacy and security measures; (ii) contrary to Zoom’s assertions, the Company’s
`
`video communications service was not end-to-end encrypted; (iii) as a result of all the foregoing,
`
`users of Zoom’s communications services were at an increased risk of having their personal
`
`information accessed by unauthorized parties, including Facebook; (iv) usage of the Company’s
`
`video communications services was foreseeably likely to decline when the foregoing facts came
`
`to light; and (v) as a result, the Company’s public statements were materially false and misleading
`
`at all relevant times.
`
`The Truth Begins to Emerge
`
`35.
`
`On July 8, 2019, during intraday trading hours, security researcher Jonathan
`
`Leitschuh (“Leitschuh”) linked an article published by him that day to his Twitter account, which
`
`8
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 10 of 28
`
`
`
`allegedly exposed a flaw allowing hackers to take over Zoom webcams. According to the article,
`
`“[a] vulnerability in the Mac Zoom Client allows any malicious website to enable your camera
`
`without your permission,” and “[t]he flaw potentially exposes up to 750,000 companies around
`
`the world that use Zoom to conduct day-to-day business.”
`
`36.
`
`On this news, Zoom’s stock price fell $1.12 per share, or 1.22%, to close at $90.76
`
`per share on July 8, 2019.
`
`37.
`
`Then, on July 11, 2019, public interest research center the Electronic Privacy
`
`Information Center (“EPIC”) filed a complaint against Zoom before the U.S. Federal Trade
`
`Commission (“FTC”), alleging that the Company “placed at risk the privacy and security of the
`
`users of its services,” that “Zoom intentionally designed their web conferencing service to bypass
`
`browser security settings and remotely enable a user’s web camera without the consent of the
`
`user,” and that, “[a]s a result, Zoom exposed users to the risk of remote surveillance, unwanted
`
`videocalls, and denial-of-service attacks.” The complaint also alleged that “[w]hen informed of
`
`the vulnerabilities Zoom did not act until the risks were made public, several months after the
`
`matter was brought to the company’s attention,” that “Zoom exposed its users to a wide range of
`
`harms, many of which are ongoing,” and that the Company’s “business practices amount to unfair
`
`and deceptive practices under Section 5 of the FTC Act, subject to investigation and injunction by
`
`the [FTC].”
`
`38.
`
`On this news, Zoom’s stock fell $1.32 per share, or 1.42%, to close at $91.40 per
`
`share on July 11, 2019.
`
`39.
`
`Following these disclosures, however, Zoom’s stock price continued to trade at
`
`artificially inflated prices throughout the Class Period as a result of Defendants’ continued
`
`misrepresentations and omissions concerning Zoom’s data privacy and security mechanisms.
`
`9
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 11 of 28
`
`
`
`40.
`
`For example, on September 5, 2019, Zoom hosted an earnings call with investors
`
`and analysts to discuss the Company’s second quarter financial results. In responding to a question
`
`regarding the Company’s technology and architecture, Defendant Yuan stated, in relevant part:
`
`I think the combination of technology, ease-of-use, security will win the customer
`trust, right. If you look at all other solutions out there today, all of them architecture
`is very old, right? Not a design for modern video cloud -- video first architecture.
`That's why we're ahead of any of our competitors for several years. Otherwise, I
`will go back to work all the weekend.
`
`
`(Emphasis added.)
`
`
`41.
`
`Then, on September 13, 2019, Zoom filed a Quarterly Report on Form 10-Q with
`
`the SEC, reporting the Company’s financial and operating results for the quarter ended July 31,
`
`2019 (the “2Q20 10-Q”). The 2Q20 10-Q contained substantively the same statements referenced
`
`in ¶¶ 27, 29-31, and 33, supra, touting the way Zoom interacts with various operating systems and
`
`third-party applications, the trust its platform builds with customers and users, and the Company’s
`
`efforts relating to privacy, data protection and information security; providing generic “catch-all”
`
`provisions that were not tailored to Zoom’s actual known risks concerning weaknesses in its
`
`cybersecurity and data protection systems; and containing SOX certifications signed by the
`
`Individual Defendants attesting to the accuracy and reliability of the financial report those
`
`certifications were appended to as an exhibit.
`
`42.
`
`Additionally, in the 2Q20 10-Q’s section dedicated to disclosing legal proceedings,
`
`Defendants asserted that “[w]e are not presently a party to any litigation the outcome of which, we
`
`believe, if determined adversely to us, would individually or taken together have a material adverse
`
`effect on our business, operating results, cash flows or financial condition,” even despite the fact
`
`that legal proceedings had already been initiated by EPIC before the FTC on July 11, 2019,
`
`regarding Zoom’s inadequate privacy and security measures, and at-risk software.
`
`10
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 12 of 28
`
`
`
`43.
`
`On December 9, 2019, Zoom filed another Quarterly Report on Form 10-Q with
`
`the SEC, reporting the Company’s financial and operating results for the quarter ended October
`
`31, 2019 (the “3Q20 10-Q”). The 3Q20 10-Q contained substantively the same statements
`
`referenced in ¶¶ 27, 29-31, 33, and 42, supra, touting the way Zoom interacts with various
`
`operating systems and third-party applications, the trust its platform builds with customers and
`
`users, the Company’s efforts relating to privacy, data protection and information security, the lack
`
`of any legal proceedings likely to have a material adverse effect on the Company’s business,
`
`operating results, cash flows or financial condition; providing generic “catch-all” provisions that
`
`were not tailored to Zoom’s actual known risks concerning weaknesses in its cybersecurity and
`
`data protection systems; and containing SOX certifications signed by the Individual Defendants
`
`attesting to the accuracy and reliability of the financial report those certifications were appended
`
`to as an exhibit.
`
`44.
`On March 4, 2020, Zoom hosted an earnings call with investors and analysts to
`discuss the Company’s fourth quarter financial results. On that call, and while discussing an
`example of the security and compliance that Zoom’s services ensured for its users, Defendant
`Yuan stated, in relevant part:
`I also want to thank VMware for trusting Zoom. VMware has been providing all
`employees, globally, access to Zoom meetings and digital workspace, and will soon
`utilize a large deployment of Zoom Phone. The easy, single sign-on access to Zoom
`from any device is enabled to leverage the VMware Workspace ONE platform,
`allowing employees to access all the applications they need from their device of
`choice while ensuring security and compliance.
`
`
`(Emphasis added.)
`
`
`45.
`
`On March 20, 2020, six days before the truth fully emerged regarding Zoom’s
`
`deficient security and privacy systems, Zoom filed its first Annual Report on Form 10-K with the
`
`SEC since its IPO, reporting the Company’s financial and operating results for the quarter and year
`
`ended January 31, 2020 (the “2020 10-K”). As with the Offering Documents, the 2020 10-K
`
`11
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 13 of 28
`
`
`
`touted that Zoom’s “unique technology and infrastructure enable [inter alia] best-in-class
`
`reliability.”
`
`46.
`
`The 2020 10-K also touted that the Company’s Zoom Video Webinars feature
`
`“easily integrates with [inter alia] Facebook Live . . . providing access to large bases of viewers,”
`
`without disclosing how integration with Facebook could implicate users’ personal data, if at all.
`
`47.
`
`Additionally, the 2020 10-K contained substantively the same statements
`
`referenced in ¶¶ 27-31, 33, and 42, supra, touting the way Zoom interacts with various operating
`
`systems and third-party applications, how the Company employed SDKs to partner with other
`
`digital platforms and app providers, the trust its platform builds with customers and users, the
`
`Company’s efforts relating to privacy, data protection and information security, the lack of any
`
`legal proceedings likely to have a material adverse effect on the Company’s business, operating
`
`results, cash flows or financial condition; providing generic “catch-all” provisions that were not
`
`tailored to Zoom’s actual known risks concerning weaknesses in its cybersecurity and data
`
`protection systems; and containing SOX certifications signed by the Individual Defendants
`
`attesting to the accuracy and reliability of the financial report those certifications were appended
`
`to as an exhibit.
`
`48.
`
`The statements referenced in ¶¶ 40-47 were materially false and misleading because
`
`Defendants made false and/or misleading statements, as well as failed to disclose material adverse
`
`facts about the Company’s business, operational and compliance policies. Specifically,
`
`Defendants made false and/or misleading statements and/or failed to disclose that: (i) Zoom had
`
`inadequate data privacy and security measures; (ii) contrary to Zoom’s assertions, the Company’s
`
`video communications service was not end-to-end encrypted; (iii) as a result of all the foregoing,
`
`users of Zoom’s communications services were at an increased risk of having their personal
`
`information accessed by unauthorized parties, including Facebook; (iv) usage of the Company’s
`
`12
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 14 of 28
`
`
`
`video communications services was foreseeably likely to decline when the foregoing facts came
`
`to light; and (v) as a result, the Company’s public statements were materially false and misleading
`
`at all relevant times.
`
`The Truth Fully Emerges
`
`49.
`
`On March 26, 2020—in the midst of the COVID-19 pandemic and shelter-in-place
`
`orders from multiple national and local governments, as businesses increasingly turned to Zoom’s
`
`video communication software to facilitate remote work activity —Motherboard, Vice Media’s
`
`technology news subsegment, reported that Zoom’s “privacy policy do[es] [not] make clear . . .
`
`that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom
`
`users don’t have a Facebook account,” and that “Zoom is not forthcoming with the data collection
`
`or the transfer of it to Facebook.” The article also alleged that “[t]he Zoom app notifies Facebook
`
`when the user opens the app, [and provides] details on the user’s device such as the model, the
`
`time zone and city they are connecting from, which phone carrier they are using, and a unique
`
`advertiser identifier created by the user's device which companies can use to target a user with
`
`advertisements.” The article also disclosed that “[s]everal days after Motherboard reached out for
`
`comment and a day after the publication of this piece, Zoom confirmed the data collection in a
`
`statement to Motherboard.”
`
`50.
`
`Then, on March 27, 2020, Zoom issued a statement by Defendant Yuan, disclosing
`
`“a change that [Defendants] have made regarding the use of Facebook’s SDK” after being “made
`
`aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information
`
`unnecessary for us to provide our services.” Yuan admitted that “[t]he information collected by
`
`the Facebook SDK did not include information and activities related to meetings such as attendees,
`
`names, notes, etc., but rather included information about devices such as the mobile OS type and
`
`version, the device time zone, device OS, device model and carrier, screen size, processor cores,
`
`13
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 15 of 28
`
`
`
`and disk space,” and that, “therefore [Defendants] decided to remove the Facebook SDK in [the]
`
`iOS client and have reconfigured the feature so that users will still be able to log in with Facebook
`
`via their browser.” Yuan also promised that Defendants “remain firmly committed to the
`
`protection of our users’ privacy,” and that Defendants were “reviewing our process and protocols
`
`for implementing these features in the future to ensure this does not happen again.”
`
`51.
`
`The next trading day, on March 30, 2020, the New York Times reported that Zoom
`
`is under scrutiny by the office of New York State Attorney General (“AG”), Letitia James
`
`(“James”), “for its data privacy and security practices.” According to the article, James’s “office
`
`sent Zoom a letter asking what, if any, new security measures the company has put in place to
`
`handle increased traffic on its network and to detect hackers” in light of the recent COVID-19
`
`pandemic. Specifically, the article, quoted James, who is “concerned that Zoom’s existing security
`
`practices might not be sufficient to adapt to the recent and sudden surge in both the volume and
`
`sensitivity of data being passed through its network,” and that, “[w]hile Zoom has remediated
`
`specific reported security vulnerabilities, [the office] would like to understand whether Zoom has
`
`undertaken a broader review of its security practices.”
`
`52.
`
`According to the New York Times article, James’s investigation cited, inter alia,
`
`Leitschuh’s earlier findings regarding webcam security issues with the Zoom app, the complaint
`
`that followed from EPIC, the recent revelations from Vice Media’s Motherboard article, and the
`
`Company’s reactive rather than proactive approach to addressing these issues. The article also
`
`noted other concerns cited by James’s office, including how “the [Zoom] app may be
`
`circumventing state requirements protecting student data.” According to the article, “some
`
`children’s privacy experts and parents said they were particularly concerned about how children’s
`
`personal details might be used,” and “[s]ome districts have prohibited educators from using Zoom
`
`as a distance-learning platform.” The article also stated that, “[o]ver the last few weeks, internet
`
`14
`CLASS ACTION COMPLAINT FOR VIOLATIONS OF THE FEDERAL SECURITIES LAWS
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 5:20-cv-02353 Document 1 Filed 04/07/20 Page 16 of 28
`
`
`
`trolls have exploited a Zoom screen-sharing feature to hijack meetings and do things like interrupt
`
`educational sessions or post white supremacist message