CrowdStrike faces shareholder lawsuit after global IT failure
Investors are lining up a class action lawsuit amid allegations CrowdStrike misled them
CrowdStrike faces lawsuits after it pushed out an update that sparked a global IT outage two weeks ago — the first of which comes from its own shareholders.
On July 19, CrowdStrike sent out a faulty update to its Falcon detection system, crashing 8.5 million devices running Microsoft Windows, wreaking havoc across media, airlines, banks and more.
CrowdStrike said on Monday that the majority of affected devices should be back to normal.
Yesterday, a group of shareholders filed a proposed class-action lawsuit in a US federal court, claiming that CrowdStrike misled them with regard to how software testing worked at the company, an allegation CrowdStrike denies.
That comes amid reports Delta is also considering seeking damages.
CrowdStrike Investor action
The lawsuit alleges that CrowdStrike misled or failed to tell investors that it had "instituted deficient controls in its procedure for updating Falcon and was not properly testing updates to Falcon before rolling them out to customers," according to a statement released by the legal team.
The statement added that the "inadequate software testing created a substantial risk" of a major outage, and that “ultimately created substantial reputational harm and legal risk to CrowdStrike."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The court filing alleges that cybersecurity expert commentary following the outage has "provided evidence that CrowdStrike was taking insufficient precautions regarding such updates, including running insufficient tests."
In the 12 days following the outage, CrowdStrike's market value slid by $25 billion, falling by 11% after the flawed update, a further 13% after CEO George Kurtz was called to congress to testify about the event, and then a further 10% on news that Delta Air Lines had hired a prominent attorney to seek damages, according to the investors' legal team.
The court filing added: "As a result of these materially false and misleading statements and omissions, CrowdStrike stock traded at artificially high prices" during the period referenced by the case.
CrowdStrike said in a statement to Reuters: "We believe this case lacks merit and we will vigorously defend the company."
The lawsuit was filed by Robbins Geller Rudman & Dowd on behalf of the Plymouth County Retirement Association and filed in Austin, Texas, where CrowdStrike is headquartered. It seeks unspecified damages.
Looming lawsuits
The shareholder lawsuit is the first to be filed, but CrowdStrike could face further legal action. The next might come via Delta Air Lines, with the CEO saying the company has "no choice" but to seek damages.
Delta CEO Ed Bastian told CNBC the outage cost the airline $500m (£390m) in lost revenue as well as costs to compensate stranded customers after more than 5,000 flights were cancelled. Delta had to manually reset 40,000 servers across the company.
"We have to protect our shareholders," Bastian said. "We have to protect our customers, our employees, for the damage, not just to the cost of it, but to the brand, the reputational damage."
He added: "If you’re going to be having access, priority access to the Delta ecosystem in terms of technology, you’ve got to test the stuff. You can’t come into a mission critical 24/7 operation and tell us we have a bug."
CrowdStrike is yet to respond to a request for comment from ITPro.