Cybersecurity firm CrowdStrike is facing a lawsuit from its shareholders following a faulty software update that crashed over eight million computers worldwide, causing significant disruption. The lawsuit, filed in federal court in Austin, Texas, alleges that CrowdStrike made “false and misleading” statements about its software testing processes.
According to the suit, CrowdStrike’s share price plummeted by 32% in the 12 days following the incident, resulting in a $25 billion (£14.5 billion) loss in market value. Shareholders claim that the company’s executives misled investors about the adequacy of their software testing, pointing to a statement from CEO George Kurtz in March, asserting that the software was “validated, tested and certified.”
CrowdStrike denies the allegations and has announced its intention to vigorously defend itself against the proposed class-action lawsuit. “We believe this case lacks merit,” a company spokesperson told BBC News.
The global IT outage, which began on July 19, has now been resolved. CrowdStrike reported that as of 5 p.m. local time on Monday, July 29 (00:00 GMT, Tuesday), the affected computers were effectively back to normal.
The lawsuit seeks unspecified compensation for investors who held CrowdStrike shares between November 29 and July 29. It alleges that CrowdStrike executives defrauded investors by falsely assuring them about the robustness of their software updates.
The disruption caused by the outage was widespread, impacting businesses and services globally, including airlines, banks, and hospitals. In an interview with CNBC, Delta Air Lines CEO Ed Bastian stated that the outage cost the airline $500 million in lost revenue and passenger compensation. Delta has reportedly hired a prominent lawyer and is preparing to seek compensation from CrowdStrike.
In a detailed review of the incident, CrowdStrike identified a “bug” in a system designed to ensure the proper functioning of software updates. The company acknowledged that the glitch allowed “problematic content data” in a file to go undetected. CrowdStrike has stated that it will implement better software testing and more stringent checks to prevent a recurrence of the incident.