CrowdStrike, a leading cybersecurity company, is facing a class action lawsuit from shareholders following a significant global outage caused by a faulty software update. The incident, which occurred on July 19, led to the crash of over 8 million computers worldwide and has resulted in severe disruptions across various sectors, including airlines, banks, hospitals, and emergency services.
The lawsuit, filed in Austin, Texas, by the Plymouth County Retirement Association, accuses CrowdStrike of making materially false and misleading statements about its software testing procedures. According to the complaint, these alleged misstatements were exposed during the outage, causing CrowdStrike's share price to plummet by 32% over 12 days, wiping out $25 billion in market value. The plaintiffs seek unspecified damages for holders of CrowdStrike Class A shares between November 29, 2023, and July 29, 2024.
CrowdStrike has refuted the allegations, stating, "We believe this case lacks merit and we will vigorously defend the company." Chief Executive George Kurtz and Chief Financial Officer Burt Podbere are also named as defendants in the suit.
The July 19 outage began after CrowdStrike released a content configuration update for its Windows sensor, designed to detect new potential threats. However, a bug in the test software caused a widespread shutdown of computers globally. The incident severely impacted operations at Delta Air Lines, which experienced a week-long disruption as 60% of its critical applications run on Microsoft Windows. Delta CEO Ed Bastian reported the outage cost the airline $500 million in lost revenue and compensation to customers.
"We're not looking to wipe them out, but we're looking to make certain that we get compensated however they decide to for what they cost us," Bastian told CNBC. He emphasized the necessity for thorough testing of software that interacts with mission-critical systems.
In response to the crisis, Kurtz issued an apology to affected customers, stating, "At CrowdStrike, our mission is to earn your trust by safeguarding your operations. I am deeply sorry for the disruption this outage has caused and personally apologize to everyone impacted. While I can't promise perfection, I can promise a response that is focused, effective, and with a sense of urgency."
The incident has not only drawn investor ire but has also resulted in legal repercussions for CrowdStrike. Delta Air Lines has reportedly hired prominent lawyer David Boies to seek damages. The cost of the outage, which affected an estimated 1% of all Windows PCs globally, has been estimated at $5 billion across Fortune 500 companies alone.
Adding to the company's woes, the outage has led to significant reputational damage. As Bastian noted, "If you're going to be having access, priority access to the Delta ecosystem in terms of technology, you've got to test the stuff. You can't come into a mission-critical 24/7 operation and tell us we have a bug. We have to protect our shareholders, our customers, our employees, for the damage, not just to the cost of it, but to the brand, the reputational damage."
Despite the severity of the incident, CrowdStrike's initial response included offering $10 UberEats gift vouchers to "teammates and partners" as a gesture of appreciation for their efforts in resolving the outage. However, these vouchers were promptly blocked by Uber over concerns of potential fraud.
