finding material misstatement where statement failed to fully disclose an unknown-risk because that created a false impression of realitySummary of this case from In re Facebook, Inc. Sec. Litig.
Case No. 17-cv-06956-EMC
ORDER GRANTING DEFENDANTS' MOTIONS TO DISMISS
Docket Nos. 59, 61
On November 10, 2017, PayPal announced in a press release that TIO Networks, a subsidiary of PayPal, was suspended because of a "discovery of security vulnerabilities on the TIO platform and issues with TIO's data security program that do not adhere to PayPal's information security standards." FAC ¶ 36 (Emphasis removed). PayPal issued another press release on December 1, 2017 which disclosed that "[a] review of TIO's network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers." Id. ¶ 39. Plaintiffs allege that after Defendants released this information in December, "PayPal's share price fell $4.33, or 5.75%, to close at $70.97 on December 4, 2017, the following trading day." Id. ¶ 40. Plaintiffs contend that the press releases from November 10, 2017 were materially false or misleading because "they disclosed only a security vulnerability, rather than an actual security breach, which PayPal and TIO did not acknowledge had been detected." Id. ¶ 38. Plaintiffs allege that the statement was "misleading because in fact, PayPal and TIO did not merely discover a vulnerability, but in reality discovered an actual data breach. Specifically, they determined that an unknown but unauthorized person or entity was at that time logged in to TIO's networks and had access to the personal financial information of 1.6 million users." Id. ¶ 4.
Interim Co-Lead Plaintiff, Michael Eckert, purchased PayPal securities at allegedly inflated prices during the class period. Id. ¶ 12. Edwin Bell is also Interim Co-Lead Plaintiff. Id. ¶ 13. They bring this action individually and on behalf of all others who purchased "PayPal securities between November 10, 2017 and December 1, 2017, both dates inclusive (the 'Class period')." Id. ¶ 1.
Defendants are: PayPal Holdings, Inc.; TIO Networks ULC ("a wholly owned subsidiary of PayPal"); TIO Networks USA, Inc. ("a wholly owned subsidiary of TIO and an indirect wholly owned subsidiary of PayPal"); Daniel H. Schulman (President, Chief Executive Officer, and Director of PayPal); John D. Rainey, Jr. (served as Executive Vice President and Chief Financial Officer during the class period); Hamed Shahbazi (served as Vice President of Bill Pay for PayPal during the class period, before that he was Chairman and CEO of TIO); and John Kunze ("PayPal's Vice President of Global Consumer Products and the head of Xoom, a PayPal subsidiary"). Id. ¶¶ 14-20.
Plaintiffs' First Amended Complaint ("FAC") alleges causes of action against Defendants under 10(b), 10b-5, and 20(a). Defendants PayPal Holdings, Inc., TIO Networks ULC, TIO Networks USA, Inc., Schulman, Rainey, Kunze and Shahbazi filed motions to dismiss pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure ("FRCP") and Rule 9(b) of the Private Securities Litigation Reform Act ("PSLRA"). Docket Nos. 59, 61.
II. FACTUAL AND PROCEDURAL BACKGROUND
"On February 14, 2017, PayPal announced an agreement to purchase TIO Networks Corporation for $233 million." Id. ¶ 3. "TIO is a bill-pay management company that processed roughly $7 billion in bill payments on behalf of fourteen (14) million customers in 2016." Id.
Plaintiffs' claims arise from allegedly materially misleading press releases. On November 10, 2017, Defendants TIO and PayPal issued press releases ("the November 10 press releases"). According to the FAC:
PayPal Holdings, Inc. (Nasdaq: PYPL) announced that TIO Networks (TIO), a publicly traded company PayPal acquired in July 2017, has suspended operations to protect TIO's customers. This suspension of services is a result of PayPal's discovery of security vulnerabilities on the TIO platform and issues with TIO's data
security program that do not adhere to PayPal's information security standards. TIO is not integrated into PayPal's platform. The PayPal platform is not impacted by this situation in any way and PayPal's customers' data remains secure.Id. ¶ 36. The TIO statement (as quoted in the FAC) stated: "On Friday, November 10, 2017, TIO Networks suspended our operations due to the discovery of security vulnerabilities on the TIO platform and issues with TIO's data security program. While we apologize for any inconvenience this suspension of services may cause, the security of TIO's systems and the protection of TIO's customers are our highest priorities. We are actively investigating this situation and working with appropriate authorities to safeguard TIO customers." Id. ¶ 37. TIO also sent the following message to some of its customers: "On November 10, PayPal announced that TIO Networks, a publicly traded company that PayPal acquired in July 2017, suspended operations to protect TIO's customers. This suspension of services is a result of PayPal's discovery of security vulnerabilities on the TIO platform and issues with TIO's data security program that do not adhere to PayPal's information security standards." Id.
Upon the recent discovery of this vulnerability on the TIO platform, PayPal took action by initiating an internal investigation of TIO and bringing in additional third-party cybersecurity expertise to review TIO's bill payment platform. A focus of the investigation will also include TIO's practices and representations prior to the acquisition.
Plaintiffs contend the releases failed fully to disclose the seriousness of the security breach. On December 1, 2017, TIO and PayPal released a statement disclosing that, in fact, a breach had occurred and that the confidential information of 1.6 million users had been potentially compromised. Id. ¶ 5. The press release dated December 1, 2017 ("the December 1 press release") read:
PayPal Holdings, Inc. (Nasdaq: PYPL) today announced an update on the suspension of operations of TIO Networks (TIO), a publicly traded payment processor PayPal acquired in July 2017. A review of TIO's network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers. The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal's customers' data remains secure.
As announced on November 10, PayPal suspended the operations of TIO to protect customer data as part of an ongoing investigation of security vulnerabilities of the TIO platform. This ongoing investigation has identified evidence of unauthorized access to
TIO's network, including locations that stored personal information of some of TIO's customers and customers of TIO billers. As a result, PayPal is taking steps to protect affected customers.Id. ¶ 39; see also Exhibit F (Emphasis in FAC not included.) The following trading day, December 4, 2017, PayPal's share price dropped $4.33 (5.75%) and closed at $70.97. FAC ¶ 40.
TIO has also begun working with the companies it services to notify potentially affected individuals, and PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.
Plaintiffs contend Defendants knew there had been an actual security breach before they released the November 10 press releases, but instead referenced only security "vulnerabilities" in those public statements. Id. ¶ 31. Plaintiffs argue this omission was materially misleading. They assert Defendants knew the omission was misleading, and the drop in price following the announcement of the potential compromise of 1.6 million users' data caused the loss in stock value suffered by Plaintiffs.
In support of their claims, Plaintiffs rely primarily on three former employees' statements. Below are the statements from Plaintiffs' three confidential former employees ("FEs"). According to the FAC:
FE1 was a Support Operations Manager at TIO from February 2016 to March 2018, who reported to the Senior Vice-President of Operations at TIO. FE1 stated that she learned of the breach on November 10, 2017 when she and her colleagues received an email around 3 p.m. inviting them to a special meeting. They learned that TIO would be shut down. "We were told they suspected or saw that someone had access to confidential information for customers," FE1 said. "They shut down service to complete the investigation."Id. ¶ 32.
FE2 was a contract Senior Systems Administrator at TIO Networks in Vancouver from September 2017 to February 2018, reporting to TIO IT Manager Mike McKenzie. She stated that in early November she was waiting for an all hands TIO meeting in their conference room when she was summoned back to a different office to hear an announcement from Kunze, telling that TIO had actually been breached. FE2 states that PayPal discovered the breach during a security analysis of the TIO network, and that when they were doing so, they discovered "someone in the system."Id. ¶ 33.
FE3 was Senior .NET Developer for TIO from January 2010 until April 1, 2018, who designed, implemented and maintained the billing and payment systems for TIO. FE3 also performed integrations between clients' application programming interfaces and TIO's server. FE3 stated that she stated that employees of TIO learned of a security breach in early November when TIO announced it had discovered a vulnerability. It was her understanding that was also the time the breach was discovered.Id. ¶ 34.
Plaintiffs assert that the FEs' statements show that Defendants knew the November 10 press releases were materially misleading and that the drop in price after the December press release was causally related to the misrepresentation on November 10.
Plaintiffs filed this action on December 6, 2017. Docket No. 1. On March 15, 2018, the Court appointed Michael Eckert and Edwin Bell as interim co-lead plaintiffs. Docket No. 31. Plaintiffs filed the First Amended Class Action Complaint ("FAC") on June 13, 2018. Docket No. 57 ("FAC"). Thereafter, Defendants Shahbazi and Kunze, PayPal Holdings, Rainey, Schulman, TIO Networks ULC, TIO Networks USA, Inc. filed motions to dismiss the FAC. Docket Nos. 59, 61. The Court held argument and took the matter under submission.
When evaluating a motion to dismiss for failure to state a claim upon which relief can be granted, a court must "accept as true all factual allegations in the complaint and draw all reasonable inferences in favor of the nonmoving party." Retail Prop. Trust v. United Bhd. of Carpenters & Joiners of Am., 768 F.3d 938, 945 (9th Cir. 2014). However, in order for Plaintiffs to survive a 12(b)(6) motion to dismiss, they must plead "more than labels and conclusions, and a formulaic recitation of the elements of a cause of action." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). The Court is "not bound to accept as true a legal conclusion couched as a factual allegation." Id.; accord Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) ("Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice."). A plaintiff must plead sufficient factual allegations to state a plausible claim for relief. Twombly, 550 U.S. at 570. "The plausibility standard is not akin to a 'probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully." Iqbal, 556 U.S. at 678 (quoting Twombly, 550 U.S. at 557).
The PSLRA imposes additional pleading requirements. Ronconi v. Larkin, 253 F.3d 423, 429 (9th Cir. 2001). "In alleging fraud or mistake, a party must state with particularity the circumstances constituting fraud or mistake." Fed. R. Civ. P. 9(b). In order to "properly allege falsity, a securities fraud complaint must now 'specify each statement alleged to have been misleading, the reason or reasons why the statement is misleading, and, if an allegation regarding the statement or omission is made on information and belief, . . . state with particularity all facts on which that belief is formed.' " In re Rigel Pharm., Inc. Sec. Litig., 697 F.3d 869, 876-77 (9th Cir. 2012) (quoting 15 U.S.C. § 78u-4(b)(1)) (marks of omission in original).
Scienter must also be pled with greater particularity. For a private securities fraud complaint to survive a Rule 12(b)(6) motion to dismiss, pleadings must raise a "strong inference" that Defendants made misleading statements to investors knowingly or with deliberate recklessness. Ronconi, 253 F.3d at 429. In particular, a "plaintiff may recover money damages only on proof that the defendant acted with a particular state of mind, the complaint shall, with respect to each act or omission alleged to violate [section 10(b)], state with particularity facts giving rise to a strong inference that the defendant acted with the required state of mind." 15 U.S.C.A. § 78u-4 (West). The term scienter for the purposes of section 10(b) "refers to a mental state embracing intent to deceive, manipulate, or defraud." Ernst & Ernst v. Hochfelder, 425 U.S. 185, 193 n.12 (1976). A plaintiff must show that "the defendants made false or misleading statements either intentionally or with deliberate recklessness." Zucco Partners, LLC v. Digimarc Corp., 552 F.3d 981, 991 (9th Cir. 2009), as amended (Feb. 10, 2009). Plaintiffs' assertion of a strong inference of scienter "must be more than merely plausible or reasonable—it must be cogent and at least as compelling as any opposing inference of nonfraudulent intent." Tellabs, Inc. v. Makor Issues & Rights, Ltd. 551 U.S. 308, 314 (2007). When evaluating scienter, a court must "engage in a comparative evaluation," and must consider "not only inferences urged by the plaintiff," but the court must also consider "competing inferences rationally drawn from the facts alleged." Id.
"Section 10(b) of the Securities Exchange Act of 1934 makes it unlawful for 'any person . . . [t]o use or employ, in connection with the purchase or sale of any security registered on a national securities exchange . . . any manipulative or deceptive device or contrivance in contravention of such rules and regulations as the Commission may prescribe as necessary or appropriate in the public interest or for the protection of investors." Zucco Partners, LLC, 552 F.3d at 990 (quoting 15 U.S.C. § 78j(b)) (Internal quotation marks omitted) (Alterations in original).
Rule 10b-5 states:
It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce, or of the mails or of any facility of any national securities exchange, (a) To employ any device, scheme, or artifice to defraud, (b) To make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading, or (c) To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security.17 C.F.R. § 240.10b-5. "The SEC promulgated Rule 10b-5 pursuant to authority granted under § 10(b) of the Securities Exchange Act of 1934, 15 U.S.C. § 78j(b). Although neither Rule 10b-5 nor § 10(b) expressly creates a private right of action, [the Supreme] Court has held that 'a private right of action is implied under § 10(b).' " Janus Capital Grp., Inc. v. First Derivative Traders, 564 U.S. 135, 141-42 (2011) (quoting Superintendent of Ins. of N.Y. v. Bankers Life & Casualty Co., 404 U.S. 6, 13, n. 9(1971)).
To succeed on a claim under section 10(b) and Rule 10b-5, a plaintiff must show: "(1) a material misrepresentation or omission; (2) scienter; (3) a connection between the misrepresentation or omission and the purchase or sale of a security; (4) reliance; (5) economic loss; and (6) loss causation." Oregon Pub. Employees Ret. Fund v. Apollo Grp. Inc., 774 F.3d 598, 603 (9th Cir. 2014) (citing Stoneridge Inv. Partners, LLC v. Scientific-Atlanta, Inc., 552 U.S. 148, 157 (2008)). A complaint asserting claims under section 10(b) and Rule 10b-5 "must satisfy the dual pleading requirements of Federal Rule of Civil Procedure 9(b) and the PSLRA." Zucco Partners, LLC, 552 F.3d at 990. A. Request for Judicial Notice
Before evaluating the merits of the motions to dismiss, the Court addresses Defendants' request for judicial notice. Defendants filed a request for judicial notice in support of their motion to dismiss. Docket No. 62 ("D's RJN"). Defendants request that the Court take judicial notice of:
• Exhibit A, PayPal Annual Report on Form 10-K for the year ended December 31, 2016, filed with the SEC on February 8, 2017;
• Exhibit B, PayPal Annual Report on Form 10-K for the year ended December 31, 2016, filed with the SEC on February 8, 2017;
• Exhibit C, PayPal Press Release titled PayPal Completes Acquisition of TIO Networks, dated July 18, 2017;
• Exhibit D, PayPal Press Release titled TIO Networks Suspends Operations to Protect Customers, dated November 10, 2017;
• Exhibit E, Announcement regarding the suspension of TIO's operations that was posted on TIO's website, www.tio.com, on November 10, 2017;
• Exhibit F, PayPal Press Release titled TIO Networks Provides Update on Suspension of Operations, dated December 1, 2017.
Plaintiffs only oppose the request "to the extent that Defendants ask that the Court consider the truth of the matter asserted within the noticed documents." Docket No. 65 at 2 ("Opp. to D's RJN").
Incorporation by reference "treats certain documents as though they are part of the complaint itself." Khoja v. Orexigen Therapeutics, Inc., 899 F.3d 988, 1002 (9th Cir. 2018). The incorporation by reference "doctrine prevents plaintiffs from selecting only portions of documents that support their claims, while omitting portions of those very documents that weaken—or doom—their claims." Id. The Court may incorporate a document by reference where the plaintiff has referred "extensively to the document or the document forms the basis of the plaintiff's claim." U.S. v. Ritchie, 342 F.3d 903, 907 (9th Cir. 2003). The doctrine permits the Court "to take into account documents 'whose contents are alleged in a complaint and whose authenticity no party questions, but which are not physically attached to the [plaintiff's] pleading.' " Knievel v. ESPN, 393 F.3d 1068, 1076 (9th Cir. 2005) (quoting In re Silicon Graphics Inc. Sec. Litig., 183 F.3d 970, 986 (9th Cir. 1999)) (Alteration in original). For the motions at bar, the Court relies only on Exhibit D, Exhibit E, and Exhibit F. These three documents can be incorporated by reference because Plaintiffs reference them throughout the FAC and they form "the basis the plaintiff's claim." Khoja, 899 F.3d at 1002 (quoting Ritchie, 342 F.3d at 907).
The Court incorporates by reference Exhibits D, E and F, but not for the purposes of assuming the truth of the matters asserted. See id. at 1003 ("[I]t is improper to assume the truth of an incorporated document if such assumptions only serve to dispute facts stated in a well-pleaded complaint. This admonition is, of course, consistent with the prohibition against resolving factual disputes at the pleading stage."). The Court takes judicial notice of the fact that the press releases were issued on November 10, 2017 and December 1, 2017 informing the public of the information contained in them.
The remaining documents: Exhibit A, "PayPal Annual Report on Form 10-K for the year ended December 31, 2016, filed with the SEC on February 8, 2017"; Exhibit B, "PayPal Press Release titled PayPal to Acquire TIO Networks, dated February 14, 2017"; Exhibit C, "PayPal Press Release titled PayPal Completes Acquisition of TIO Networks, dated July 18, 2017", were not relevant to the Court's decision. The requests for judicial notice of Exhibits A, B and C are thus denied as moot. See Heinrichs v. Wells Fargo Bank, N.A., No. C 13-05434 WHA, 2014 WL 985558, at *3 (N.D. Cal. Mar. 7, 2014) (finding that where it was "unnecessary to consider" the documents to be judicially noticed, the request was denied as moot). B. Falsity
Plaintiffs' claim satisfies the pleading requirements for falsity. The challenged statement arises from the November 10 press releases. FAC ¶ 36-38. To prove falsity for the purposes of section 10(b) and Rule 10b-5, a plaintiff must "specify each statement alleged to have been misleading, [and] the reason or reasons why the statement is misleading." 15 U.S.C. § 78u-4(b)(1). A literally true statement "can be misleading and thus actionable under the securities laws." Brody v. Transitional Hosps. Corp., 280 F.3d 997, 1006 (9th Cir. 2002) (citing In re GlenFed Sec. Litig., 42 F.3d 1541, 1551 (9th Cir. 1994)). "Often, a statement will not mislead even if it is incomplete or does not include all relevant facts." Brody, 280 F.3d at 1006. "To be actionable under the securities laws, an omission must be misleading; in other words it must affirmatively create an impression of a state of affairs that differs in a material way from the one that actually exists." Id. (citing McCormick v. The Fund American Cos., 26 F.3d 869, 880 (9th Cir. 1994)).
Plaintiffs contend that the November 10 press releases were false "because they disclosed only a security vulnerability, rather than an actual security breach, which PayPal and TIO did not acknowledge had been detected." FAC ¶ 38. In particular, Plaintiffs allege "that an unknown but unauthorized person or entity was at that time logged in to TIO's networks and had access to the financial information of 1.6 million users." Id. ¶ 4.
Defendants argue that to find the November 10 press releases misleading, the statements must have affirmatively created the impression that the TIO network had not been breached. Mot. at 10. Furthermore, Defendants contend that because they made assurances that the PayPal platform was secure but made no such assurances regarding TIO's platform, "the obvious implication" was that "TIO's customers' data did not 'remain secure.' " Id. at 8 (Emphasis in original). Defendants rely on Brody v. Transitional Hospitals Corp. In Brody, the Ninth Circuit held that it was not misleading to provide information about a stock purchase program without reference to a possible takeover. Brody, 280 F.3d at 1006. The Ninth Circuit found that it was not misleading in part because "[t]he actual press release . . . neither stated nor implied anything regarding a merger." Id. The present case differs from Brody. Whereas there was nothing said in Brody that would affirmatively create an impression about the state of affairs, here, Defendants purported to disclose a "vulnerability" in TIO's security which triggered an investigation and review. This disclosure could plausibly have created an impression that only a potential vulnerability and not an actual breach had been discovered, and certainly not one which threatened the privacy of 1.6 million users. See Berson v. Applied Signal Tech., Inc., 527 F.3d 982, 987 (9th Cir. 2008) (finding that "[i]t goes without saying that investors would treat" a risk and a certainty differently). C. Scienter and Loss Causation
In the instant case, scienter must be viewed in the context of Plaintiffs' loss causation theory. Plaintiffs allege that the public's awareness of a data breach of 1.6 million customers led to the 5.75% drop in the price of PayPal's stock. Opp. at 21. Significantly, it appears that Plaintiffs' theory of loss causation is predicated on the market reaction not only to the information that TIO suffered a data breach, but to the fact that confidential information of 1.6 million customers had been potentially compromised. According to Plaintiffs, "Defendants' fundamental misrepresentation of the timeline of events concealed (a) the compromise of personally identifiable information for approximately 1.6 million customers; and (b) the failure of PayPal to protect users' highly sensitive financial information" led to the drop in price. Opp. at 21; see also FAC ¶ 4.
Therefore, to succeed based on Plaintiffs' theory of loss causation, they must plead (in a manner that meets the heightened pleading requirements for scienter) that Defendants knew not only of an actual breach, but that the privacy of 1.6 million customers had been potentially compromised. In re Gilead Scis. Sec. Litig., 536 F.3d 1049, 1055 (9th Cir. 2008) (quoting In re Daou Sys., Inc., 411 F.3d 1006, 1014 (9th Cir.2005)) (recognizing that a plaintiff must "demonstrate a causal connection between the deceptive acts that form the basis for the claim of securities fraud and the injury suffered by the plaintiff").
Plaintiffs rely on the three FEs to support a finding of scienter. FE1 stated that on November 10, 2017, "[w]e were told they suspected or saw that someone had access to confidential information for customers" and that "[t]hey shut down service to complete the investigation." FAC ¶ 32. Similarly, FE2 stated that in early November 2017, "they discovered 'someone in the system.' " Id. ¶ 33. FE3 shared a similar account that "employees of TIO learned of a security breach in early November when TIO announced it had discovered a vulnerability." Id. ¶ 34.
The three FEs at most establish that some of the Defendants may have known that there was some breach in TIO's platform. They do not substantiate allegations that Defendants on November 10, 2017, "determined that an unknown but unauthorized person or entity was at that time logged in to TIO's networks and had access to the personal financial information of 1.6 million users." Id. ¶ 4 (Emphasis added). None of the FEs state Defendants knew on November 10, 2017 of the magnitude of the breach affecting 1.6 million customers or the fact that personal identifiable information of those customers had been accessed.
Plaintiffs' FAC and its reliance on the three FEs fail to satisfy the scienter of the falsity upon which their alleged loss is predicated. D. Control Liability 20(a)
Section 20(a) provides:
Every person who, directly or indirectly, controls any person liable under any provision of this chapter or of any rule or regulation thereunder shall also be liable jointly and severally with and to the same extent as such controlled person to any person to whom such controlled person is liable, unless the controlling person acted in good faith and did not directly or indirectly induce the act or acts constituting the violation or cause of action.Securities Exchange Act of 1934, § 20(a), 15 U.S.C.A. § 78t(a). For a section 20(a) claim, Plaintiffs "must show that a primary violation was committed and that the defendant 'directly or indirectly' controlled the violator." Paracor Fin., Inc. v. Gen. Elec. Capital Corp., 96 F.3d 1151, 1161 (9th Cir. 1996). "Section 20(a) claims may be dismissed summarily . . . if a plaintiff fails to adequately plead a primary violation of section 10(b)." Zucco Partners, LLC, 552 F.3d at 990. As Plaintiffs' claim fails to adequately plead a cause of action under section 10(b), the Court dismisses Plaintiffs' section 20(a) claim.
Defendant Shahbazi filed a separate motion to dismiss. He raises two arguments: (1) Plaintiffs failed to plead an underlying claim, so a section 20(a) claim cannot survive; and (2) Plaintiffs failed to allege specific facts establishing Defendant Shahbazi's control over a primary violator. As explained, Plaintiffs failed to establish an underlying claim; thus, Defendant Shahbazi's motion to dismiss is granted.
Plaintiffs in alleging a section 20(a) claim cannot rely "on boilerplate allegations; they must provide some factual support that defendants were in a position to control a primary violator." In re Int'l Rectifier Corp. Sec. Litig., No. CV07-02544-JFWVBKX, 2008 WL 4555794, at *22 (C.D. Cal. May 23, 2008). Control person liability is premised on the control relationship. Hollinger v. Titan Capital Corp., 914 F.2d 1564, 1575 (9th Cir. 1990). "Courts have found 'general allegations concerning an individual's title and responsibilities' to be sufficient to establish control at the motion to dismiss stage." In re Energy Recovery Inc. Sec. Litig., No. 15-CV-00265-EMC, 2016 WL 324150, at *25 (N.D. Cal. Jan. 27, 2016) (quoting In re Metawave Communications Corp. Sec. Litig., 298 F.Supp.2d 1056, 1087 (W.D. Wash. 2003)).
Plaintiffs contend that Defendant Shahbazi "continued to direct the operations of PayPal's TIO services in his capacity as Vice President of Bill Pay for PayPal, a position that Shahbazi held" through the class period. Opp. at 23. Plaintiffs allege that Defendant Shahbazi "reported directly to Kunze, who oversaw the integration of TIO into PayPal on a day-to-day basis and was the President of TIO USA, at all relevant times." Id.; FAC ¶¶ 20, 27. The FAC also asserts that Defendant Shahbazi "has continued to direct the operations of PayPal's TIO services. Throughout the Class Period, Shahbazi was responsible for the operations of TIO and its subsidiaries." Id. ¶ 19. These conclusory allegations of control over day-to-day activities are insufficient to establish control person liability. In re Volkswagen "Clean Diesel" Mktg., Sales Practices, & Prod. Liab. Litig., No. 2672 CRB (JSC), 2017 WL 66281, at *19 (N.D. Cal. Jan. 4, 2017), reconsideration denied, 258 F. Supp. 3d 1037 (N.D. Cal. 2017) (rejecting a finding of control person liability based on position on the Management Board and conclusory allegations that a defendant was "involved in the day-to-day operations of, and exercised power and control over" companies including "their public statements and regulatory action"). For these reasons, Defendant Shahbazi's motion to dismiss is granted for the additional reason that Plaintiffs have not alleged sufficient factual allegations to establish control person liability. /// /// /// /// /// /// ///
Therefore, the Court grants Defendants' motion to dismiss the FAC without prejudice pursuant Rules 9(b) and 12(b)(6). Plaintiffs have leave to amend the FAC within thirty (30) days from the date of this order.
This order disposes of Docket Nos. 59 and 61.
IT IS SO ORDERED. Dated: December 13, 2018
EDWARD M. CHEN
United States District Judge