CrowdStrike Faces Lawsuits From Customers, Investors

Share This Post

CrowdStrike (NASDAQ: CRWD) is facing lawsuits from investors and customers following the incident that caused massive global outages, but some believe the company is likely shielded from legal action. 

Roughly 8.5 million Windows devices worldwide entered a Blue Screen of Death (BSOD) loop on July 19 after CrowdStrike pushed out a bad update that was not properly tested.

The incident caused problems for organizations in sectors such as aviation, financial, healthcare, and education, and it took roughly one week for most devices to be restored

Insurer Parametrix estimates that the total direct financial loss for US Fortune 500 companies — excluding Microsoft — is $5.4 billion, with the total loss estimated at $15 billion. Parametrix believes that only 10-20% of the losses suffered by Fortune 500 customers will be covered by insurance. 

Parametrix reported that airlines suffered the biggest losses — $143 million on average. One airline, Delta, was particularly badly hit, struggling for several days to recover from the outage caused by the CrowdStrike update. 

CNBC reported on Monday that Delta has hired a prominent attorney to pursue potential damages from both CrowdStrike and Microsoft. Delta is estimated to have lost between $350 million and $500 million due to the outages. 

Delta is dealing with more than 176,000 refund or reimbursement requests after being forced to cancel thousands of flights. The airline has hired David Boies, an attorney known for representing the US government in an antitrust case against Microsoft. He also worked with former Hollywood mogul Harvey Weinstein and Theranos founder Elizabeth Holmes.

In addition to the potential Delta lawsuit, CrowdStrike faces a class action by investors. The law firm Labaton Keller Sucharow announced on Tuesday that it filed a securities class action on behalf of its client, the Plymouth County Retirement Association.

Advertisement. Scroll to continue reading.

The complaint alleges that CrowdStrike made “materially false and misleading statements and omissions” about its product updates, and the fact that updates could cause major outages and pose a substantial reputational harm and legal risk to the company. These statements and omissions allegedly caused CrowdStrike stock to trade at artificially high prices. 

Other law firms are also investigating a potential class action case on behalf of business owners impacted by the incident. 

However, as pointed out in a recent MarketWatch opinion piece, CrowdStrike may largely be shielded from direct financial impacts, due to software licenses limiting the developer’s liability, as well as the insurance held by the security firm and its customers.

CrowdStrike shares have fallen roughly 25% since the disruption, shaving off over $20 billion in the company’s market valuation. 

Related: Meta Agrees to $1.4B Settlement With Texas in Privacy Lawsuit Over Facial Recognition

Related: Facial Recognition Startup Clearview AI Settles Privacy Suit

This post was originally published on this site

More Articles

Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.