Plaintiff stated a viable 10b-5 action against Google’s holding company based on its 10-Q which disclosed generic cybersecurity risks as a threat to the company, but didn’t disclose that Google had discovered three glitches in its Google+ programming that had exposing user personal data to an unknown group of program developers over a period of three years. Also, Google misleadingly stated that the risk factors had not changed. The complaint also adequately alleged scienter, showing that there was an internal memo which was passed to highest management discussing the program glitches and the potential effect that disclosure of the exposure of personal data would likely have on public trust in Google, on which its business depended.