Shareholder lawsuit over 2024 CrowdStrike outage dismissed as cybersecurity firm welcomes court ruling
Thousands of companies worldwide were impacted by the CrowdStrike outage in July 2024
A US court has dismissed an investor lawsuit against CrowdStrike over a 2024 outage that crashed more than eight million Windows PCs around the globe.
In the wake of the meltdown, lawsuits landed – including one from CrowdStrike's own shareholders alleging the company misled them over the quality of the software.
The lawsuit centered primarily around software testing and quality assurance. At the time, complainants accused the cybersecurity giant of "inadequate software testing" which "created a substantial risk".
Complainants argued that CrowdStrike "was taking insufficient precautions regarding such updates, including running insufficient tests."
"As a result of these materially false and misleading statements and omissions, CrowdStrike stock traded at artificially high prices" during the period referenced by the case," initial court filings noted.
CrowdStrike said at the time that the case lacked merit – and now it would seem the judge agrees, finding no evidence of executives intentionally misleading investors.
"The Court agrees with Defendants that the statements pointed to by Plaintiffs are neither false nor misleading when considered in the context from which Plaintiffs removed them," US District Judge Robert Pitman said in his ruling.
While Pitman did raise concerns over CrowdStrike statements regarding federal security requirements, according to Reuters, he added that the shareholders failed to show intent to defraud.
In a statement given to ITPro, Cathleen Anderson, chief legal officer at CrowdStrike, said: "We appreciate the Court’s thoughtful consideration and decision to dismiss this case."
The shareholder group was led by Thomas DiNapoli, the New York State Comptroller who oversees the New York State Common Retirement Fund, worth $291bn.
A spokesperson for DiNapoli told Reuters that the decision was "under review", while judge Pitman said the investors can attempt to amend the complaint.
What happened with the CrowdStrike outage?
The case centered on the massive outage caused by CrowdStrike in July 2024. On 19 July, CrowdStrike issued an update to its Falcon detection system that bricked some Windows computers and servers.
Issues in the wake of the update first came to light in Australia, with users reporting they were locked out of their devices. The incident escalated rapidly as more companies came online in the morning.
Thousands of companies globally were affected, including banks, airlines, and broadcasters.
The outage was quickly addressed, with most companies back online fully within days – though some took weeks to fully resolve, in part because that required rolling back or resetting devices.
Windows users globally were met with the dreaded 'Blue Screen of Death' following the botched update.
By 24 July, 97% of impacted devices were believed to be back up and running.
In the end, more than 8.5 million Windows computers were knocked offline during the outage, with costs to impacted companies estimated at $5.4 billion.
The wide impact of the incident led to CrowdStrike CEO George Kurtz being hauled before US Congress to testify.
The Delta-CrowdStrike case is still ongoing
Alongside the investor suit, Delta Air Lines initiated legal action, claiming the outage cost the airline $500 million (£390m) in lost revenue and customer compensation costs.
Delta had to cancel 5,000 flights and manually reset 40,000 servers as a result of the outage.
Ed Bastian, chief executive at the airline, said two weeks after the incident: "You can’t come into a mission critical 24/7 operation and tell us we have a bug."
While the investor suit has been dismissed, the Delta case continues, though no trial date has yet been set. In May of last year, a judge ruled the case could proceed on claims of gross negligence and computer trespass, but largely dismissed fraud allegations that went back before that incident.
CrowdStrike has countersued, noting that other airlines recovered more quickly than Delta.
In the meantime, developers are working to ensure their companies are ready for another outage, whether it comes from CrowdStrike, AWS or elsewhere.
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
What the new AWS European Sovereign Cloud means for enterprisesNews AWS has announced the general availability of its European Sovereign Cloud. Here's what the launch means for enterprises operating in the region.
-
Irish data center expansion plans draw fireNews A new plan to attract investment in energy intensive sectors will be bad for locals and the environment, critics say
-
CrowdStrike targets identity security gains with $740 million SGNL acquisitionNews The acquisition will expand CrowdStrike’s Falcon platform with new privilege and access capabilities to bolster agentic identity security
-
Startups get seal of approval from CrowdStrike, AWS, and Nvidia
News 35 startups are promised mentorship, technical expertise, go-to-market support, and ecosystem visibility
-
CrowdStrike layoffs to hit 500 staff as firm targets strategic AI shift
News CrowdStrike has announced plans to cut 500 roles, equivalent to 5% of its workforce, as the firm looks to maximize annual recurring revenue gains.
-
CrowdStrike eyes SaaS security gains with Adaptive Shield acquisitionNews Adaptive Shield’s capabilities will be integrated within CrowdStrike's Falcon security platform
-
BCS thanks IT staff for CrowdStrike workCEO Rashik Parmar says IT teams are often underappreciated, but have been working flat out to deal with the outage.
