Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Sgarlata v. Motion to Dismiss Second Amended Complaint Paypal Holdings, Inc.

United States District Court, N.D. California

September 18, 2019

RONALD SGARLATA, et al., Plaintiffs,
v.
MOTION TO DISMISS SECOND AMENDED COMPLAINT PAYPAL HOLDINGS, INC., et al., Defendants.

          ORDER GRANTING DEFENDANTS’ MOTION TO DISMISS SECOND AMENDED COMPLAINT DOCKET NO. 79

          EDWARD M. CHEN, UNITED STATES DISTRICT JUDGE

         Defendants PayPal Holdings, Inc., TIO Networks ULC, TIO Networks USA, Inc., Daniel H. Schulman, John D. Rainey, Jr., and John Kunze (collectively, “Defendants”) move to dismiss Plaintiffs Michael Eckert and Edwin Bells’ (“Plaintiffs”) second amended complaint (“SAC”). Plaintiffs bring this action individually and on behalf of all others who purchased PayPal securities between November 10, 2017 and December 1, 2017 (the “Class Period”). Plaintiffs claim that they purchased PayPal securities at allegedly inflated prices during the Class Period. The Court previously dismissed Plaintiffs’ first amended complaint (“FAC”) with leave to amend. Docket No. 78. The SAC continues to allege claims for relief against Defendants under 10(b), 10b–5, and 20(a).[1]

         Pending before the Court is Defendants’ Motion to Dismiss (“Mot.”) the SAC pursuant to Federal Rules of Civil Procedure Rule 12(b)(6), Rule 9(b), and the Private Securities Litigation Reform Act (“PSLRA”). Docket No. 79.

         I. BACKGROUND

         A. Factual Background[2]

         “On February 14, 2017, PayPal announced an agreement to purchase TIO Networks Corporation for $233 million.” Id. ¶ 3. “TIO is a bill-pay management company that processed roughly $7 billion in bill payments on behalf of fourteen (14) million customers in 2016.” Id.

         Plaintiffs’ claims arise from press releases that they allege were materially misleading. On November 10, 2017, Defendants TIO and PayPal issued press releases (the “November Announcement”). The November Announcement read as follows:

PayPal Holdings, Inc. (Nasdaq: PYPL) announced that TIO Networks (TIO), a publicly traded company PayPal acquired in July 2017, has suspended operations to protect TIO’s customers. This suspension of services is a result of PayPal’s discovery of security vulnerabilities on the TIO platform and issues with TIO’s data security program that do not adhere to PayPal's information security standards. TIO is not integrated into PayPal’s platform. The PayPal platform is not impacted by this situation in any way and PayPal’s customers’ data remains secure.
Upon the recent discovery of this vulnerability on the TIO platform, PayPal took action by initiating an internal investigation of TIO and bringing in additional third-party cybersecurity expertise to review TIO’s bill payment platform. A focus of the investigation will also include TIO’s practices and representations prior to the acquisition.

         Concurrent with this press release in November, TIO posted the following statement on its website:

On Friday, November 10, 2017, TIO Networks suspended our operations due to the discovery of security vulnerabilities on the TIO platform and issues with TIO’s data security program. While we apologize for any inconvenience this suspension of services may cause, the security of TIO’s systems and the protection of TIO’s customers are our highest priorities. We are actively investigating this situation and working with appropriate authorities to safeguard TIO customers.

         TIO also sent the following message to some of its customers:

On November 10, PayPal announced that TIO Networks, a publicly traded company that PayPal acquired in July 2017, suspended operations to protect TIO’s customers. This suspension of services is a result of PayPal’s discovery of security vulnerabilities on the TIO platform and issues with TIO’s data security program that do not adhere to PayPal’s information security standards.

FAC ¶ 40. Then, on December 1, 2017, TIO and PayPal released a statement disclosing that, in fact, a breach had occurred and that the confidential information of 1.6 million users had been potentially compromised. Id. ¶ 5. The press release dated December 1, 2017 (the “December Announcement”), read as follows:

PayPal Holdings, Inc. (Nasdaq: PYPL) today announced an update on the suspension of operations of TIO Networks (TIO), a publicly traded payment processor PayPal acquired in July 2017. A review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers. The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal’s customers’ data remains secure.
As announced on November 10, PayPal suspended the operations of TIO to protect customer data as part of an ongoing investigation of security vulnerabilities of the TIO platform. This ongoing investigation has identified evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers. As a result, PayPal is taking steps to protect affected customers.
TIO has also begun working with the companies it services to notify potentially affected individuals, and PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.

         Defendants’ Request for Judicial Notice, Ex. E.[3] The following trading day, December 4, 2017, PayPal’s share price dropped $4.33 (5.75%) and closed at $70.97. SAC ¶ 40.

         Plaintiffs contend the November Announcement failed to fully disclose the seriousness of the security breach. Id. ¶ 30. Instead, Plaintiffs assert that Defendants were aware of an alleged breach of TIO’s security that exposed the personal information of TIO’s customers, bill-pay clients, and employees. Id. Plaintiffs argue this omission was materially misleading. They assert the drop in price following the December Announcement, which disclosed the potential compromise of 1.6 million users’ data, caused the loss in stock value suffered by Plaintiffs.

         In asserting their claims of securities fraud by Defendants, Plaintiffs rely primarily on three confidential former employees’ (“FE") statements. Below are the statements from the three FEs, and how their statements in the SAC were amended from the FAC:

1. Former Employee 1
FE1 was a Support Operations Manager at TIO from February 2016 to March 2018, and reported to Senior Vice-President of Operations at TIO. FE1 learned of the breach on November 10, 2017 when FE1 and colleagues received an email around 3 p.m. inviting them to a special meeting. They learned that TIO would be shut down and were told that someone had access to confidential information for customers. FE1 was informed at the special meeting that someone had accessed the names and addresses for customers as well as employees’ information, including gender, social security, numbers, and dates of birth. FE1 also recalled that they were informed at that meeting that the intruder had accesses confidential customer information, and that PayPal said someone had tools and had accessed confidential information, which was sitting in the TIO Networks’ servers.

SAC ¶ 31 (emphasis added to illustrate amendment).

2. Former Employee 2
FE2 was a contract Senior Systems Administrator at TIO Networks in Vancouver from September 2017 to February 2018, reporting to TIO IT Manager Mike McKenzie. FE2 stating that in early November while waiting for an all-hands TIO meeting in their conference room FE2 was summoned back to a different office to hear an announcement from Kunze, telling that TIO had actually been breached. FE2 states that PayPal discovered the breach during a security analysis of the TIO network, and that when they were doing so, they discovered someone in the system. Immediately after Kunze informed FE2 of the breach, the network team immediately severed the link between the corporate and production side of the network, the latter of which being where sensitive customer information was stored, in an attempt to minimize harm to customers. FE2 understood the decision to sever ties between the two halves of the network to demonstrate a serious concern that TIO’s customer information was in jeopardy or already had been compromised.

SAC ΒΆ 33 (emphasis added to illustrate ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.