Shareholders of CrowdStrike have filed a lawsuit in the United States alleging that the cyber security company misled them about the reliability of its technology. They claim that CrowdStrike covered up the fact that inadequate software testing led to a major incident on July 19, which caused millions of computers worldwide to crash.
The investigation has revealed that the outage was caused by a faulty update to the CrowdStrike Falcon managed detection and response sensor, which was approved for launch despite being flagged by a bug in the validator. This update triggered a fatal crash in susceptible Windows systems due to an out-of-bounds memory condition.
The resulting crashes affected over eight million computers across various industries such as aviation, education, financial services, healthcare, and retail. The incident is estimated to cost companies billions of dollars, with Fortune 500 companies alone expected to lose over $5.4 billion.
The lawsuit, filed in the US District Court for the Western District of Texas, accuses CrowdStrike CEO George Kurtz and others of misleading investors about the effectiveness of the Falcon platform. It alleges that CrowdStrike failed to disclose its deficient controls in the update process, which led to the outage and subsequent reputational and legal risks.
CrowdStrike denies the claims, stating that the lawsuit lacks merit and the company will vigorously defend itself. Meanwhile, Delta Air Lines is also pursuing legal action against CrowdStrike, with CEO Ed Bastian expressing disappointment in the handling of the incident. He emphasized the need for technology companies to test their products thoroughly before implementing them in critical operations. Delta incurred significant costs due to the outage and believes it has no choice but to take legal action.