Cybersecurity and the related disclosures can be critical issues for any company in today’s environment. This question is at the center of a recent decision by the Fourth Circuit Court of Appeals. Specifically, the Court focused on the question of what constitutes a false statement in an action centered on cybersecurity claims where information was allegedly omitted. In re Marriott International, Inc., No. 21-1802 (4th Cir. Decided April 21, 2022).
Factual background
In 2016 Marriott merged with Starwood Hotels. Marriott subsumed all of the operations. Two years later Marriott learned that malware had impacted about 500 million guest records in the Starwood reservation database. That resulted from the second largest data breach in history. This case was filed alleging 73 separate public statements that were false and misleading within the meaning of Exchange Act Section 10(b) and Rule 10b-5 thereunder.
The district court granted Marriott’s motion to dismiss with prejudice. The court concluded that Plaintiffs had failed to adequately allege a false or misleading statement or omission. On appeal the Fourth Circuit affirmed.
The decision
On appeal Plaintiffs narrowed their the claims to three groups of statements: 1) those regarding the importance of protecting customer data; 2) a group of privacy statements on Marriott’s website; and 3) cybersecurity-related disclosures. To demonstrate that one of the statements in these groups is false and misleading within the meaning...
Prime Minister Narendra Modi on Friday strongly rejected reports claiming that the government was planning to impose restrictions or additional taxes on foreign travel. In a rare move, PM Modi per...