Shareholders Sue Zoom Over Privacy, Hacking Concerns

By Kelly Zegers
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Class Action newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!



Law360 (April 8, 2020, 5:05 PM EDT) -- Video conferencing provider Zoom was hit with a proposed class action Tuesday accusing it of misleading shareholders about the degree of its data privacy and security measures and failing to disclose that its service was not end-to-end encrypted.

The suit comes as Zoom Video Communications Inc., whose virtual meetings are widely relied on by those sheltering at home during the COVID-19 pandemic, faces separate litigation and mounting concerns over its data privacy practices.

Zoom investors were hurt when the company's "inadequate data privacy and security measures" came to light as the global health crisis ramped up and entities started backing off the service, according to the suit.

"As it became clear through a series of news reports and admissions by the company that Zoom had significantly overstated the degree to which its video communication software was encrypted, and organizations consequently prohibited its employees from utilizing Zoom for work activities, the company's stock price plummeted, damaging investors," according to the proposed class.

Shareholder Michael Drieu is looking to represent a class of people who purchased or acquired Zoom shares between April 18, 2019 –– the day the company began publicly trading on the Nasdaq –– and April 6, 2020.

The proposed class is seeking to recover damages caused by the company's alleged violations of federal securities laws, according to the complaint.

Zoom allegedly included false or misleading statements and omissions in its initial public offering documents, saying it offered "robust security capabilities, including end-to-end encryption," according to the complaint.

End-to-end encryption prevents third parties from accessing communications. 

The proposed class said the company's offering documents contained "boilerplate" warnings related to cybersecurity, data privacy and hacking and "generic 'catchall' provisions that were not tailored to Zoom's actual known risks concerning weaknesses in its cybersecurity and data protection systems."

Zoom executives continued to mislead investors in earnings calls and securities reports after the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission in July 2019 alleging the company put users' privacy at risk, according to the suit.

On Monday, EPIC sent a letter to the FTC urging it to open an investigation into Zoom's business practices and to issue, as soon as practicable, best practices for online conferencing services.

Representatives for the proposed class and Zoom did not immediately return requests for comment Wednesday.

Zoom is up against growing concerns in and outside the courts over its suspected data misuses and security. "Zoom-bombing," when hackers pop into and disrupt video meetings, is among the privacy worries that have caught the attention of the FBI and others.

The company faces at least two other proposed class actions by consumers targeting its allegedly unauthorized sharing of user data with Facebook. State attorneys general have also sounded alarms, questioning whether the company's protections are up to snuff, and U.S. lawmakers have asked the company to address questions about its privacy and security policies.

In the last week, the New York City Department of Education said it would no longer allow its more than 1.1 million students and their teachers to use Zoom for remote learning. It has advised schools to transition to Microsoft Teams or Google's Meet videoconferencing app.

Zoom founder and CEO Eric Yuan, who is named in the latest proposed class action, apologized to customers last week for falling short on privacy and security expectations and said that supporting the influx of users amid the COVID-19 pandemic has been a tremendous undertaking. 

"We appreciate the scrutiny and questions we have been getting — about how the service works, about our infrastructure and capacity, and about our privacy and security policies," Yuan wrote in a company blog post. "These are the questions that will make Zoom better, both as a company and for all its users."

The proposed class is represented by Jennifer Pafiti, Jeremy A. Lieberman, J. Alexander Hood II and Patrick V. Dahlstrom of Pomerantz LLP and Peretz Bronstein of Bronstein Gewirtz & Grossman LLP.

Counsel information for Zoom was not available Wednesday.

The case is Drieu et al. v. Zoom Video Communications Inc. et al., case number 5:20-cv-02353, in the U.S. District Court for the Northern District of California.

--Additional reporting by Allison Grande and Emma Whitford. Editing by Haylee Pearl.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!