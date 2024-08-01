CrowdStrike shareholders have filed a lawsuit in the United States in which they claim the cyber security firm made materially false and misleading representations about the integrity of its technology. They also claim that CrowdStrike defrauded them through covering up that inadequate attention to software testing could cause the 19 July incident that saw millions of computers crash around the world.

Based on the currently known facts of the investigation, the outage was caused by a faulty update to the CrowdStrike Falcon managed detection and response (MDR) sensor which was cleared for launch by a bugged automatic content validator. When it hit susceptible Windows systems, it caused an out-of-bounds memory condition leading to a fatal crash.

As a result of the crashes affecting more than eight million computers, organisations in diverse sectors including aviation, education, financial services, healthcare and retail found their operations disrupted, with airlines – particularly Delta Air Lines in the US – very badly affected.

Insurance firm Parametrix estimates Fortune 500 companies alone are set to lose over $5.4bn, and the incident may cost over $15bn when others are taken into account.

In the filing, made at the US District Court for the Western District of Texas in Austin, the Massachusetts-based pension and benefits provider Plymouth County Retirement Association, represented by New York law firm Labaton Keller Sucharow, accuses the defendants, which include CrowdStrike CEO George Kurtz and others, of repeatedly touting the efficacy of its Falcon platform while assuring investors that it was fully “validated, tested and certified” on a March 2024 earnings call.

The fund’s complaint alleges these statements were false and misleading because they failed to disclose that CrowdStrike had instituted “deficient controls” in the Falcon update procedure and was not properly testing them prior to rolling them out.

The lawsuit further contends that this “inadequate” software testing caused a substantial risk that a Falcon update could cause a serious outage of the type seen in July, and that these outages could, and did, create “substantial reputational harm and legal risk”.

Ultimately, the claimant says, this led to CrowdStrike stock – which has taken a hammering on global markets – to trade at “artificially high prices”.

In a statement to media, a CrowdStrike spokesperson said: “We believe the case lacks merit and will vigorously defend the company.”