Readers of this blog know that two important current litigation trends involve the filing of claims relating to cybersecurity incidents and the filing of COVID-19-related claims. A new securities class action lawsuit filed this week touched on both of these securities suit filing trends. Secure technology company Telos Corporation was hit with a securities suit following a decline in the price of its shares after the company experienced revenue delays owing to cybersecurity and coronavirus related “headwinds” that postponed the company’s performance of two key contracts. A copy of the plaintiffs’ complaint filed on February 7, 2022 against Telos can be found here.
Telos focuses on developing and implementing cyber, cloud, and enterprise security technology and products. In July 2020, the company entered a ten-year contract with the Transportation Security Administration (TSA) to provide services in connection with the TSA Pre-Check program. In October 2020, the company entered a contract with the Centers for Medicare and Medical Services (CMS) to provide technology security services.
In November 2020, the company completed its IPO. Among other things, the offering documents referenced the company’s “rapidly accelerating revenue growth beginning in 2021 and 2022” due in part to the significant revenue stream the TSA and CMS contracts would generate. At the time of the IPO, Telos reported that the TSA contract would launch in early 2021 and that the Company would begin providing services under the CMS contract in 2021.
According to the subsequently filed securities complaint, in several public statements following the IPO, the company assured the market that it was on track to commence work on the TSA and CMS contracts as scheduled, and in reliance on revenue from these contracts, affirmed its revenue guidance. Even after it became apparent as early as August 2021 that the two contracts were experiencing “headwinds” the company allegedly continued to affirm its revenue guidance.
On November 15, 2021, in the company’s earnings call regarding its third quarter 2021 results, the company’s CFO disclosed that the CMS and TSA contracts would be delayed with the TSA PreCheck work commencing in 2022 and the CMS contract push back until after the full year 2022. The company’s CEO blamed the TSA delay on new mandatory cybersecurity requirements being imposed due to recent cyber attacks. The CEO blamed the delay in the CMS contract to the fact that “government agencies have not been reverting back to full in-person fingerprinting” due to the COVID-19 pandemic.
According to the securities suit complaint, the company’s share price declined more than 28% on this news.
On February 7, 2022, a plaintiff shareholder filed a securities class action lawsuit in the Eastern District of Virginia against Telos and certain of its directors and officers. The complaint purports to be filed on behalf of a class of investors who purchased the company’s securities between November 19, 2020 and November 12, 2021.
The complaint cites various reassuring statements the company allegedly made with respect to the timeliness of and revenue stream associated with the TSA and CMS contracts. The complaint alleges that “unbeknownst to investors … Telos lacked a reasonable basis for its repeated assurances regarding the schedule for executing the crucial TSA and CMA contracts.” The defendants, the complaint alleges, “did not disclose that these two contracts were in continual delay and management could not accurate forecast when work on these two contracts would commence.”
Specifically, the complaint alleges that the defendants failed to disclose that: “(1) the TSA and CMS contracts, which constituted a majority of the Company’s future revenues, were not on track to commence as represented at the end of 2021 and in 2022; (2) Defendants lacked a reasonable basis and sufficient visibility to provide and affirm the Company’s 2021 guidance in the fac of the uncertainty surrounding the TSA and CMS contracts; (3) COVID-19 and hacking scandal-related headwinds were throwing off the timing for performance of the TSA and CMS contacts and their associated revenues; (4) as a result, the guidance provided by Defendants was not in fact ‘conservative’; (5) as a result of the delays, Telos would be forced to dramatically reduce its revenue estimates; and (6) as a result of the foregoing, Defendants’ statements about Telos’ business, operations, and prospects, were materially false and/or misleading and/or lacked a reasonable basis.”
The complaint alleged that the defendants violated Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder. The complaint seeks to recover damages on behalf of the class.
Trend-watching can be a challenging thing. It is difficult enough to identify trends, but it is also a challenge populating the data set evidencing the trend. The COVID-19-related securities class action litigation trends is of course now nearly two years old and just as the pandemic itself has evolved over time, the pandemic-related litigation trend has changed as well. One feature of changing pandemic-related litigation wave is that as time has gone by it has become more and more challenging being able to say with definitional precision whether or not specific cases are or are not pandemic related.
Others may disagree with my view that this case qualifies as pandemic related. To be sure, the connection between this case and the pandemic may be more distant than might perhaps be the case with other lawsuits. However, the fact is that what this case is about is the delay of the company’s key contracts, and at least part of the reason for the delay has to do with COVID-19 related circumstances. In my view, that is enough of a connection to qualify this case as a COVID-19 related securities lawsuit.
Assuming for the sake of discussion that this case does in fact qualify as a COVID-19-related securities suit, this case is the third COVID-19-related securities suit to be filed so far in 2022 and the 47th COVID-19-related securities suit to be filed since March 2020.
As I have noted as these cases have accumulated over the last 23 months, the cases have generally fallen into one of three categories: cases involving companies that experienced a COVID-19 outbreak in their facilities (cruise ships, private prison systems); cases involving companies that hoped to profit from the pandemic (vaccine manufacturers, diagnostic testing companies); and cases involving companies that experienced a disruption in their operations or financial performance because of the pandemic (hospital systems, real estate developers). In late 2021, a fourth category developed involving companies that had initially prospered at the outset of the pandemic but whose fortunes flagged as conditions changed (e.g., Peloton Interactive, discussed here).
This case seems to fall into the third category, as the company experienced a disruption both in the contract performance and their revenue streams as a result of COVID-19-related circumstances. The significance of this observation to me is that it seems to suggest that as long as the coronavirus is continuing to cause disruptive conditions, it is going to continue to interfere with companies’ operations and finances, and therefore it is going to continue to beget securities litigation.
As I noted at the outset, this case is not only about COVID-19, it is also about cybersecurity. The delays in the TSA contract allegedly were due to the recent spate of cyber attacks. To be sure, the company itself did not experience a cybersecurity incident. Rather, general business conditions resulting from the intensity of cybersecurity conditions affected the TSA contract and the company’s revenue stream. The underlying circumstances show how cybersecurity-related conditions can affect companies and can translate into securities class action litigation. The impact on the company was something of a second-level knock on effect, but it still does show how cybersecurity conditions can affect companies – and can lead to securities suits.