CrowdStrike, the cybersecurity company behind July’s mass computer outage around the world, has been issued with an investor lawsuit accusing it of defrauding investors.
The class action suit, filed in Texas by Plymouth County Retirement Association, a pension fund, argues that CrowdStrike misled investors by attesting that the company’s technology was “validated, tested and certified”. In fact, the investors say, CrowdStrike’s software was no such thing.
“Defendants had failed to disclose that: (1) CrowdStrike had instituted deficient controls in its procedure for updating Falcon and was not properly testing updates to Falcon before rolling them out to customers; (2) this inadequate software testing created a substantial risk that an update to Falcon could cause major outages for a significant number of the Company’s customers; and (3) such outages could pose, and in fact ultimately created, substantial reputational harm and legal risk to CrowdStrike.” As a result, the suit claims CrowdStrike traded at artificially high prices “until the mass outage brought its stock price back to earth”.
A CrowdStrike spokesperson said: “We believe this case lacks merit and we will vigorously defend the company.”
Lawsuits for securities fraud commonly come after almost any adverse corporate event: if the stock price went down for reasons that were not explicitly disclosed to investors beforehand, they may have success arguing that the lack of disclosure constituted fraudulent selling of the associated stock.
CrowdStrike is also facing more conventional legal consequences for the outage. On Wednesday, the chief executive of Delta Air Lines, Ed Bastian, estimated that the failure would ultimately cost his company $500m (£391m), after it forced the cancellation of more than 5,000 flights. He said the carrier had “no choice” but to seek damages as a result.
“If you’re going to be having access, priority access to the Delta ecosystem in terms of technology, you’ve got to test the stuff. You can’t come into a mission critical 24/7 operation and tell us we have a bug,” Bastian added. “We have to protect our shareholders. We have to protect our customers, our employees, for the damage, not just to the cost of it, but to the brand, the reputational damage.”
The cost of the outage, which crashed an estimated 1% of all Windows PCs in the world, has been estimated at $5bn just across the Fortune 500, the grouping of large American companies. Despite that, the company’s most prominent reaction, beyond its efforts at restoring service, was $10 UberEats gift vouchers sent to “teammates and partners” as a thank you for their work helping fix the outage, which was promptly blocked by Uber over fears of potential fraud.