Zoom (NASDAQ: ZM) stock's stellar performance in 2020 largely erased the volatility associated with the security flaws. However, shareholders who invested in the company at its IPO had to deal with substantial volatility associated with security incidents. For example, during the week ending April 3, 2020, Zoom stock declined 17% after news emerged of bugs, security flaws, and even vulnerabilities of the platform that opened doors for hackers to get access to confidential customer data.
Zoom stock also became quite volatile in the first year of its trading when its privacy policy drew investor attention, revealing that the company was collecting vast amounts of customer data, including phone numbers and location.
The optimism surrounding the company during the pandemic days was fueled by the positive remarks of the company management, led by Eric Yuan. For example, during an earnings call in June 2020, CEO Eric Yuan made the case for boosting revenue growth in light of the surging demand for the video platform and said:
"As I have mentioned earlier, the current environment has expanded Zoom's market opportunities and outlook as the increase in demand propelled us to a higher growth trajectory than originally planned for this year."
Security Issues And The Investor Lawsuit
These security mishaps forced many large clients to abandon the platform in early 2020, directly impacting Zoom stock negatively. For example, on March 28, 2020, SpaceX, led by Elon Musk, sent an email to its 6,000+ workforce banning the usage of Zoom due to security flaws. SpaceX wrote to employees:
"We understand that many of us were using this tool (Zoom) for conferences and meeting support. Please use email, text, or phone as alternate means of communication."
This announcement by SpaceX came just a day after Zoom accepted that it was not using standard end-to-end encryption for video conferences.
Zoom's usage of the term "end-to-end encryption" proved to be inaccurate, with Citizen Lab, a cybersecurity research firm, revealing in 2020 that Zoom's encryption practices do not meet the highest levels of standards in the market. Citizen Lab published a report in April 2020 revealing that Zoom used a non-standard encryption technology, misleading users and investors about the availability of end-to-end encryption. Matthew Green, a computer science professor at Johns Hopkins University, shared his opinion with The Intercept and claimed that Zoom's security practices were questionable. He said:
"They're a little bit fuzzy about what's end-to-end encrypted. I think they're doing this in a slightly dishonest way. It would be nice if they just came clean."
Zoom's misrepresentation of the technology used to protect the data and privacy of customers played a part in investors flocking behind the company's stock.
When Zoom's popularity skyrocketed in early 2020 due to pandemic-induced mobility restrictions, Zoombombing, a phenomenon where unauthorized users accessed Zoom meetings, gained popularity too. When these incidents started occurring frequently, large corporate clients decided to ditch Zoom for alternative platforms, leading to stock market volatility. For example, in April 2020, Google (NASDAQ: GOOG) (NASDAQ: GOOGL) banned employees from using Zoom on their corporate laptops due to security flaws.
According to the reports, Zoom knew about these security vulnerabilities but failed to disclose them adequately. Zoombombing involved unauthorized users accessing highly sensitive government meetings and disrupting online classes. The FBI issued a warning about classroom hijacking on March 30, 2020, due to the severity of these cases.
After these revelations, Zoom faced a class-action lawsuit from investors for falsely claiming "end-to-end encryption" while actually using less secure transport encryption and downplaying security vulnerabilities. Additionally, Zoom was accused of sharing confidential user data with third parties, like Facebook, without consent, violating international data-sharing rules.
Resolving The Case
Zoom has made several noteworthy improvements to the underlying technology of its video conferencing platform since 2020, and the company has also made progress toward establishing more transparent guidelines regarding the use of confidential customer data.
In response to this security threat, Zoom has improved the security features of the platform including offering password protection for meetings by default, promoting the use of waiting rooms to filter meeting participants, and enhancing host controls.
Moreover, to settle the allegations of the lawsuit, Zoom reached a deal with shareholders in October 2023 by agreeing to pay $150 million to affected investors. The company, however, did not acknowledge that it had conducted any wrongdoing and maintained the stance that the company's objective has always been to improve the customer experience while rewarding long-term shareholders.
Despite settling investor lawsuits and making improvements in security, Zoom finds itself up against tough competition from major players like Microsoft Teams (NASDAQ: MSFT) and Google Meet. Also, the issue of security remains critical in today's privacy-obsessed world, especially for Zoom, as it strives to regain trust among both consumers and investors to maintain a strong position in the competitive market.