Legislation & Litigation , Standards, Regulations & Compliance

CrowdStrike Faces Class Action Lawsuit Over Global IT Outage

Investors Say Cybersecurity Company Made False and Misleading Statements About Tech
CrowdStrike Faces Class Action Lawsuit Over Global IT Outage
Investors say the company misled them about its testing for updates. (Image: Shutterstock)

CrowdStrike is facing a putative class action lawsuit from investors arguing they were misled by the company and told its technology was "validated, tested and certified" before a faulty update triggered a global IT outage in late July.

The Plymouth County Retirement Association alleges that CrowdStrike employed inadequate controls and failed to properly test updates to its Falcon endpoint detection and response platform before rolling them out to customers and causing major widespread outages starting on July 19. The lawsuit also alleges that CrowdStrike stock was trading "at artificially high prices" as a result of "materially false and misleading statements and omissions."

Millions of Windows hosts were affected by the faulty CrowdStrike update, which led to disruptions at major hospitals and airports and a wide range of public safety concerns (see: Microsoft Sees 8.5M Systems Hit by Faulty CrowdStrike Update). The software flaw caused Windows PCs to display the infamous "blue screen of death" in an endlessly reoccurring system reboot.

CrowdStrike's stock prices plummeted nearly 32% following the global outage and wiped out nearly $25 billion of market value beginning July 19, according to the lawsuit. The investors said 911 hotlines became inoperable and airlines were forced to ground thousands of flights after a system issue allowed the update to go through without proper testing.

"Since the CrowdStrike Outage, publicly revealed evidence indicates that CrowdStrike was taking insufficient precautions regarding such updates," the lawsuit says.

Nearly all affected Windows PCs have resumed normal operations, according to CrowdStrike. CEO George Kurtz offered an apology on LinkedIn, saying: "I am deeply sorry for the disruption this outage has caused and personally apologize to everyone impacted."

"While I can’t promise perfection, I can promise a response that is focused, effective, and with a sense of urgency," Kurtz said, adding that the company's recovery efforts have been aided by automatic techniques. The CEO also said that CrowdStrike has published a preliminary incident report detailing additional steps it will take to prevent similar incidents.


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.