Alphabet sued over failing to disclose Google+ privacy vulnerability
An investor has launched a lawsuit against Google's parent company, Alphabet, arguing that the company deceived fellow investors by failing to reveal a Google+ bug that could have exposed profile information people didn't set to public.
The complaint, launched by a lawyer for plaintiff Adam Wicks, charges that Alphabet executives "repeatedly made materially false and misleading statements regarding the security failure affecting users' personal data," particularly through two 10-Q filings with the U.S. Securities and Exchange Commission in April and July. Those documents insisted that there had been "no material changes" to risk, including security breaches, since the end of December — in reality, the bug was only quietly fixed the following March.
The 10-Qs should have indicated that "damage to the company's reputation and operating results and loss of customers from this failure of the company's security measures were imminent and inevitable," the complaint says, adding that as a result of Alphabet's mistake, Wicks and others were hit by a "precipitous decline in the market value of the company's common shares."
The bug was only made public in a recent Wall Street Journal report. Within the following two days, Alphabet's stock price dropped by $67.75.
Referring to the Journal story, the Wicks suit asserts that Google even circulated an internal memo warning that disclosing the bug would draw "immediate regulatory interest."
The case is being handled through the U.S. District Court for the Northern District of California, and names Alphabet CEO Larry Page, Google CEO Sundar Pichai, and Google CFO Ruth Porat as additional defendants. The executives have been issued a summons, and have 21 days to respond.
Google is planning to shut down Google+ in August 2019. The measure is being taken both as a security measure and an admission that the social network has failed to gain much traction, with usage well short of rivals like Facebook and Twitter.