Navigating the Landscape of Securities Litigation Claims Based on Risk Factor Disclosures

Public companies are required to disclose in Securities and Exchange Commission (SEC) filings potential risks that could adversely impact their business, financial condition, or operational results. However, when these disclosures are deemed inadequate, misleading, or false, investors may pursue securities litigation claims. Recent decisions by the Ninth Circuit Court of Appeals have shown a trend favoring plaintiffs in such cases, as exemplified by the notable case of In re Facebook, Inc. Sec. Litig., 87 F.4th 924 (9th Cir. 2023) and In re Alphabet, Inc. Sec. Litig., No. 20-15638, 2021 WL 2448223 (9th Cir. 2021).

Understanding Risk Factor Disclosures

Risk factor disclosures are an essential component of a company’s SEC filings, providing investors with vital information about potential vulnerabilities. These disclosures encompass a wide array of topics, including market competition, regulatory changes, economic conditions, cybersecurity threats, and litigation risks. The purpose of these disclosures is to enable investors to make well-informed decisions based on a comprehensive understanding of the company’s risk profile.

Securities litigation claims can arise when investors allege that a company’s risk factor disclosures were inadequate, misleading, or false. Plaintiffs may argue that the company failed to disclose material risks, understated the significance of known risks, or made false or misleading statements about the company’s risk profile. Such claims are often brought under federal securities laws, such as Section 10(b) of the Securities Exchange Act of 1934 and SEC Rule 10b-5; and Section 11 of the Securities Act of 1933 for registered public offerings.

To succeed in a securities litigation claim based on risk factor disclosures, plaintiffs generally must demonstrate that:

  1. The company’s risk factor disclosures were materially false or misleading;

  2. The company acted with scienter (i.e., knowledge or reckless disregard for the truth);

  3. The plaintiffs relied on the false or misleading statements; and

  4. The plaintiffs suffered economic losses as a result.

Securities litigation claims based on risk factor disclosures are often complex and highly fact-specific, requiring extensive analysis of the company’s SEC filings, public statements, and internal documents. Defendants typically defend these claims by arguing, among other things, that the risk disclosures were accurate; were forward-looking information protected by the “safe harbor” in the securities laws; or were non-actionable opinions or puffery.

Ninth Circuit Rulings

Recent rulings in cases involving Facebook and Alphabet by the Ninth Circuit Court of Appeals have emphasized the importance of transparency and accuracy in corporate disclosures, underscoring the legal consequences of misleading or inadequate risk statements in SEC filings.

The Ninth Circuit’s decision in In re Facebook, Inc. Sec. Litig., 87 F.4th 924 (9th Cir. 2023), is a case in which the court upheld allegations of securities fraud against a public company based on misleading risk disclosure statements by omission. The case centers around the alleged improper harvesting of personal data from millions of Facebook users by Cambridge Analytica. Facebook shareholders filed a securities class action against Facebook and certain of its officers, alleging that Facebook’s risk factor disclosures were materially misleading by failing to disclose the data harvesting incident.

Facebook's 10-K filings warned about potential risks such as “failure to prevent or mitigate security breaches” and the possibility of third parties improperly accessing user data. However, the plaintiffs argued that these warnings were misleading because they presented the risks as hypothetical, even though the data breach had already occurred. 

The district court dismissed the claims. However, the Ninth Circuit reversed, finding that Facebook’s risk statements were misleading because they portrayed the risk of data breaches as purely hypothetical, despite the fact that such breaches had already happened. A reasonable investor, the court concluded, would have understood the risk as conjectural when it had, in fact, already transpired.

In a similar vein, In re Alphabet, Inc. Sec. Litig., No. 20-15638, 2021 WL 2448223 (9th Cir. 2021), revolved around cybersecurity disclosures. In February 2018, Alphabet filed its 10-K for FY 2017, listing potential consequences of third-party breaches of Google’s cybersecurity measures. However, the company did not disclose a known data breach that had exposed user data for three years, which the CEO had allegedly become aware of in April 2018.

Alphabet’s subsequent 10-Q filings in April and July 2018 stated that there had been “no material changes” to the risk factors outlined in the 2017 10-K—but they did not disclose the breach. When the breach was revealed by the Wall Street Journal in October 2018, Alphabet’s stock price dropped, prompting securities fraud actions against the company and its executives.

The district court dismissed the plaintiffs’ complaint. However, the Ninth Circuit reversed on the basis that a reasonable investor would have been misled by Alphabet’s representation that there had been no material changes in risk factors, suggesting that no data breach had been discovered.

Implications for Public Companies

The Facebook and Alphabet cases underscore the importance of accurate and comprehensive risk factor disclosures in SEC filings. Public companies must be diligent in disclosing known risks and avoiding the portrayal of risks as hypothetical when they have already materialized.

Conclusion

The landscape of securities litigation claims based on risk factor disclosures continues to evolve. As the legal framework surrounding these claims develops, companies must remain vigilant in their disclosure practices to mitigate the risk of securities litigation. 

For more information regarding Alto Litigation’s litigation practice, please contact one of Alto Litigation’s partners: Bahram Seyedin-Noor, Bryan Ketroser, or Joshua Korr.

****

Disclaimer: Materials on this website are for informational purposes only and do not constitute legal advice. Transmission of materials and information on this website is not intended to create, and their receipt does not constitute, an attorney-client relationship. Although you may send us email or call us, we cannot represent you until we have determined that doing so will not create a conflict of interests. Accordingly, if you choose to communicate with us in connection with a matter in which we do not already represent you, you should not send us confidential or sensitive information, because such communication will not be treated as privileged or confidential. We can only serve as your attorney if both you and we agree, in writing, that we will do so.

The materials on this website are not intended to constitute advertising or solicitation. However, portions of this website may be considered attorney advertising in some states.

Unless otherwise specified, the attorneys listed on this website are admitted to practice in the State of California.

Bahram Seyedin-Noor