CrowdStrike sued after update caused global outages, likely more to come
AUSTIN (KXAN) — A lawsuit has been filed against CrowdStrike, accusing the cybersecurity company of making “false and misleading statements” about its operations in order to “artificially inflate” its stock price.
The Plymouth County Retirement Association brought the lawsuit, which was filed in the Western District Court of Texas on Tuesday. Judge Robert Pitman will preside over the case.
Lawyers for the association said that CrowdStrike, headquartered in Austin, Texas, misled investors by allegedly claiming its technology was “validated, tested, and certified.”
“CrowdStrike had instituted deficient controls in its procedure for updating Falcon and was not properly testing updates to Falcon before rolling them out to customers,” alleged the plaintiffs. “This inadequate software testing created a substantial risk that an update to Falcon could cause major outages for a significant number of the Company’s customers…and such outages could pose, and in fact ultimately created, substantial reputational harm and legal risk to CrowdStrike.”
On July 19, a bug in CrowdStrike’s Falcon Sensor program (a component in the company’s Falcon platform) caused computer systems to continually restart. A patch was quickly released, but the outages led to global disruptions in air travel, banking and other sectors.
This, along with Congress calling on the CEO to testify and Delta Air Lines’ announcement of a lawsuit, caused CrowdStrike’s stock price to drop to a current price of around $233. A week prior to July 19, the price was around $371.
According to CrowdStrike’s preliminary review of the incident, the bug was released due to an error in the the company’s Content Validator program, which approves updates prior to release. After that, another program automatically released the update.
“Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production,” the report stated.
CrowdStrike has since said it would take various measures to prevent the problem from recurring, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans.
Tuesday’s lawsuit has accused the company of federal securities fraud and is seeking compensatory damages for those impacted.
The lawsuit is a class-action, opening up the possibility for damages to be awarded to other investors. Other legal firms have also asked for investors to contact them, potentially signaling additional lawsuits in the future.
“Plaintiff and [other investors] would not have purchased CrowdStrike stock at the prices they paid, or at all, if they had been aware that the market prices had been artificially and falsely inflated by Defendants’ misleading statements,” the lawsuit stated.
“We believe this case lacks merit and we will vigorously defend the company,” a CrowdStrike spokesperson told Nexstar’s KXAN via email.
The Associated Press contributed to this report.