Back to News list

Michael Celio Discusses Whether Markets React to the Increasing Number of Data Breaches

The Recorder

A Silicon Valley company that touted the security of its mobile platform is facing a shareholder class action related to a 2014 data breach.

MobileIron Inc. sells software intended to help companies securely manage their employees' mobile devices. A suit filed last week in Santa Clara County Superior Court claims the company failed to disclose before launching its June 2014 initial public offering that hackers had infiltrated the MobileIron platform used by British insurance company Aviva PLC.

MobileIron went ahead with its IPO, raising almost $100 million, but "omitting crucial realities," plaintiffs lawyers wrote. MobileIron failed to disclose that the company's platform was vulnerable to hackers, according to the complaint, information which was likely to hurt the company's ability to continue to close deals.

"The registration statement's representations were materially inaccurate, misleading and/or incomplete," wrote John Jasnoch of Scott + Scott's San Diego office. "Accordingly, the price of MobileIron shares was artificially and materially inflated at the time of the offering."

MobileIron revealed subpar earnings on April 22, according to the suit. Stock prices fell more than 25 percent on that news, and have "continued to languish" at levels below their IPO. The same day, the company's chief financial officer resigned.

Jasnoch said an online insurance journal broke the news of the Aviva cyberattack the day after MobileIron's IPO. A second article by The Register revealed a hacker infiltrated the MobileIron server and wiped many Aviva devices, costing the insurance company millions. Aviva, which had used MobileIron's platform to manage more than 1,000 mobile devices, moved its impacted personnel onto a service offered by MobileIron competitor BlackBerry Ltd., and started discussions about ending its MobileIron contract.

Jasnoch's complaint follows a federal suit filed by The Rosen Law Firm, which also accuses the company of misleading investors, but doesn't address the Aviva breach. MobileIron is represented in that case by Cooley partner John Dwyer, who declined to comment on the new litigation.

A representative from MobileIron didn't respond to a request for comment Monday.

Data breaches are becoming increasingly frequent, but while plaintiffs lawyers have had some luck with privacy class actions, securities lawyers have mainly stayed on the sidelines.

Hagens Berman Sobol Shapiro partner Reed Kathrein said he's researched data breaches to see if there's potential for a securities class action, but he's passed on every one. Plaintiffs need a significant breach-related stock drop to prove damages, and so far that hasn't been the case.

Keker & Van Nest partner Michael Celio said that may be because data breaches have become the norm.

"These breaches are such common events these days, unfortunately for all of us," he said, "that I'd be surprised if the markets reacted consistently negatively to every allegation that there's been a breach."