any plausible theory for scienter. In considering plaintiffs' allegations of material misstatements about Zendesk's EMEA and APAC performance, the court first noted that many of the statements plaintiffs alleged about 2018 or 1Q 2019 performance were merely describing performance and were not at all alleged to be false. The court found Zendesk's statements about global and regional demand were consistent with eventual growth deceleration in EMEA and APAC. The court disagreed with plaintiffs that Zendesk's statements about adding to its salesforce to grow enterprise business were false, instead concluding that Zendesk had indeed added to its salesforce but had simply not added enough people, or the right people, to keep growth steady or accelerating, as Zendesk itself acknowledged on its July 30, 2019 earnings call. This, the court held, was not indicative of falsity, particularly because plaintiffs failed to plead facts indicating Zendesk lied about scaling. The court considered the other statements plaintiffs cited as not factual in nature, including describing ANZ as a mission-critical market or describing Zendesk's global footprint as a benefit. The court also held that Zendesk did not make any material omissions in failing to disclose information about the macroeconomic challenges related to Brexit or the U.S.-China trade war, or about Zendesk's sales strategies and leadership structure in EMEA and APAC, concluding that plaintiffs failed to allege what Zendesk should have disclosed as to these factors, or what a reasonable investor may have perceived based on the total mix of information available.

The court also found that, with respect to scienter, [b]ased on the present allegations, Zendesk's course of conduct was neither deceptive nor manipulative. Instead, the court held that plaintiffs' allegations gave rise to the non-fraudulent inference, that Zendesk made strategic mistakes that it later examined and began taking steps to fix.

The court next considered whether failure to disclose the 2016 data breach was actionable and concluded that, although plaintiffs plausibly alleged a material omission to the extent that the data breach would have been viewed by the reasonable investor as significant, plaintiffs did not allege that Zendesk was aware of the breach, or recklessly disregarded its occurrence. The court noted that plaintiffs' own allegations show that Zendesk's data security improved between 2016, when the breach occurred, and 2019, when the challenged statements were made, such that the challenged 2019 statements about the strength of Zendesk's security systems at that time were plausibly consistent with having a breach in 2016. The court found that, based on plaintiffs' allegations, Zendesk was unaware of the breach until September 2019, undermining any inference of scienter. Finally, the court concluded that because plaintiffs failed to state a predicate Section 10(a) claim, its 20(a) claim also failed.

Plaintiffs filed a second amended complaint on January 8, 2021, dropping all claims except those relating to the data breach. Defendants again moved to dismiss, which the court granted, with leave to amend. The court again held that plaintiffs failed to plead any false statement or omission of anything that Zendesk had a duty to disclose, focusing on Zendesk's data security improvements between 2016 and 2019 when the challenged statements were made, explaining that Zendesk's 2019 statements are plausibly consistent with Zendesk having a less robust security program in the past. Clarifying its prior order, the court emphasized that plaintiffs failed to allege a material omission because the challenged statements were not misleading given that, among other things, Zendesk warned it may experience an undetected data breach and implied that, at some point, prior data security measures failed. The court also explained that Zendesk could not have had any duty to disclose the data breach because Zendesk was unaware of the breach[,] plaintiffs failed to allege that any defendant knew or should have known that someone shared AWS keys with a vendor in 2016, and disclosure of multifactor authentication rollout and past AWS logging practices would have only served to bury shareholders in an avalanche of trivial information.

The court found plaintiffs' scienter arguments meritless[,] holding that they failed to allege that any defendant had knowledge of falsity or acted with conscious recklessness as to the risk that any statement was misleading without further disclosure. The court explained that plaintiffs' allegations indicate that defendants were simply unaware of the breach until September 2019 which contradict[s] any inference that Zendesk intended to deceive or defraud regarding the fact of the breach and given Zendesk's lack of knowledge surrounding the data breach, the inference that Zendesk's officers acted with fraudulent intent when failing to disclose Zendesk's past security mistakes rests on a multitude of dubious premises. The court also rejected plaintiffs' core operations theory, holding it is far from absurd to think that in 2019, Zendesk officers were not aware or consciously ignorant of a single episode in 2016 when someone at Zendesk shared AWS keys with a third-party vendor, let alone that Zendesk had implemented multifactor authentication just after that event. It similarly rejected plaintiffs' corporate or collective scienter theory, holding that, to the extent the Ninth Circuit permits such a theory, [b]ecause Zendesk's public statements were neither false nor misleading, they could not have been so dramatically false as to create a strong inference that at least some Zendesk officials knew of their falsity.

In granting plaintiffs leave to amend, the court noted that it was appropriate given the possibility that plaintiffs relied on the prior order's statements regarding whether the [plaintiffs] had pleaded a material omission. Plaintiffs decided not to amend, judgment was entered on March 23, 2021, and on April 20, 2021 plaintiffs filed a notice of appeal.47