Construction Laborers Pension Trust Southern CA v. Marriott International, Inc., No. 21-1802 (4th Cir. 2022)Annotate this Case
Following a data breach targeting servers owned by Defendant, Plaintiffs alleged that Defendant violated federal securities laws by omitting material information about data vulnerabilities in their public statements.
The Fourth Circuit affirmed the district court’s dismissal of the complaint, finding that the investors did not adequately allege that any of Defendant’s statements were false or misleading when made.
The court explained that to state a claim under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 and SEC Rule 10b-5, a plaintiff must first allege a “material misrepresentation or omission by the defendant.” However, not all material omissions give rise to a cause of action. Here, Plaintiffs focus on statements about the importance of protecting customer data; privacy statements on Defendant's website; and cybersecurity-related risk disclosures. The court found that Plaintiffs failed to allege that any of the challenged statements were false or rendered Defendant's public statement misleading. Although Defendant could have disseminated more information to the public about its vulnerability to cyberattacks, federal securities law does not require it to do so.