US cyber security company CrowdStrike, its CEO, and its CFO have been sued by a group of shareholders after a bug in a software update released in July caused more than 8.5 million computers around the world to crash.
The outage involving machines running Microsoft’s Windows operating system is believed to be the largest IT outage in history.
CrowdStrike blamed a faulty software testing program for allowing the bug to get through its quality-control systems, causing the outage which affected numerous businesses and organisations such as banks, airlines, supermarkets and news broadcasters.
The class action lawsuit, filed on Tuesday in Austin, Texas, has accused CrowdStrike of misleading shareholders about its Falcon software platform, which was the cause of the recent outage.
The complaint cited comments by CrowdStrike CEO George Kurts, who allegedly told a 5 March conference call that the company’s software was “validated, tested, and certified”.
Kurtz and CrowdStrike’s Chief Financial Officer, Burt Podbere, are both defendants in the case.
The complaint alleged CrowdStrike had not been properly testing Falcon updates before rolling them out, which led to “a substantial risk” that an update could cause a major outage.
It also alleged the resulting outage in July led to “substantial reputational harm and legal risk” to the company.
CrowdStrike, its CEO George Kurtz, and CFO Burt Podbere are all defendants in the case. Photos: CrowdStrike / Supplied
The lawsuit has been brought by New York law firm Labaton Keller Sucharow, on behalf of its client the Plymouth County Retirement Association and anyone who purchased or acquired CrowdStrike stock between 29 November 2023 and 29 July 2024.
The firm said it believed “materially false and misleading statements and omissions” by CrowdStrike led to the company’s stock being traded “at artificially high prices” during that period.
Lawyers in the class action said shares of CrowdStrike fell around 11 per cent when the outage occurred on 19 July, before falling another 13.5 per cent on 22 July when CEO Kurtz was asked to testify before US Congress, and CrowdStrike’s stock rating was downgraded by analyst firms.
The lawyers said CrowdStrike shares fell 10 per cent on 29 July, when it was reported that major US airline Delta had hired a prominent attorney to seek damages from the company, alleging the outage cost it more than $535 million ($US350 million) due to delays and cancelled flights.
In a statement to the Reuters news agency, CrowdStrike said: "We believe this case lacks merit and we will vigorously defend the company."
CrowdStrike could still face further lawsuits related to its recent outage.
The Australian government has not yet provided an estimate of how much the outage may have cost the national economy.
Microsoft has already flagged possible security changes in the wake of the outage, including potentially limiting the level of access provided to cyber security and antivirus software within Windows.
