Amy Heath and Eric Bosset of Covington and Burling write:
The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions. Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to disclose vulnerabilities in Starwood’s IT systems rendered certain public statements false or misleading.
For example, the investors argued that Marriott’s statement that “the integrity and protection of customer, employee, and company data is critical to us as we use such data for business decisions and to maintain operational efficiency” was misleading because it gave the “impression that Marriott was securing and protecting the customer data acquired from Starwood.” The district court rejected this argument after finding that the challenged statements “did not assign a quality to Marriott’s cybersecurity that it did not have.”
Read more at Inside Class Actions.
And for another court’s decision on communications that had me scratching my head this morning, see Court Rejects Demand for “Corrective” Notice in Blackbaud Data Breach MDL.