vchalup - stock.adobe.com
Texas judge throws out second lawsuit over CrowdStrike outage
A US judge has dismissed a lawsuit filed by CrowdStrike shareholders over the July 2024 outage that caused widespread disruption around the world.
CrowdStrike has been granted a motion to dismiss a consumer class action lawsuit brought by shareholders who were affected by the now-infamous 19 July 2024 outage – prompted by a faulty sensor update – which crashed Windows PCs around the world causing widespread disruption and billions of pounds worth of losses.
The suit, filed on behalf of CrowdStrike investors in August 2024, accused the defendants, who included the company’s founder and CEO George Kurtz of making false and misleading statements over the efficacy of the Falcon platform at the centre of the outage.
It also alleged failings over software testing and quality assurance and claimed that CrowdStrike was seeking to maximise its profit by rushing untested updates.
Handing down his decision at the federal district court for the Western District of Texas in the city of Austin, US district judge Robert Pitman said the plaintiff’s claims were dismissed in their entirety in part because the shareholders had failed to establish any plausible motive of intent to commit securities fraud on CrowdStrike’s part.
It his judgment, Pitman said the court agreed with CrowdStrike that the statements it made were neither false or misleading when considered in the context from which the plaintiffs removed them. He wrote that the court concluded that if anybody was being misleading, it was the plaintiffs.
Rejecting other arguments, Pitman also said that corporate mismanagement did not, standing alone, give rise to a multibillion-dollar claim
“We appreciate the Court’s thoughtful consideration and decision to dismiss this case,” said CrowdStrike chief legal officer Cathleen Anderson in a brief statement.
The Reuters news agency earlier reported that the office of New York State comptroller Thomas DiNapoli, who led the lawsuit, is reviewing options following the decision.
Multiple actions
Last June, Pitman also dismissed another lawsuit brought by airline passengers who experienced delays and cancellations after the sudden blackout.
Pitman’s decision in this case was made on the basis that the US Airline Deregulation Act preempted the claims the plaintiffs were making against CrowdStrike. His ruling has effectively shielded CrowdStrike from consumer suits related to disruptions experienced by its customers.
However, a third lawsuit brought by US airline Delta is still working its way through the US legal system.
Delta was particularly badly affected by failures arising from the outage and was highly critical of CrowdStrike in the wake of the incident after it was forced to cancel thousands of flights and spend millions compensating stranded passengers and putting them up in airport hotels.
CrowdStrike and Microsoft have both claimed that Delta in fact rejected their offers of help during and after the disruption.
Single point of failure
The 2024 CrowdStrike outage stands as a stark reminder of the potential for a global catastrophe arising from unscheduled technical outages given the interconnected nature of cloud platforms, which enable single points of failure to cascade rapidly.
The scale of the problem was aptly demonstrated in November 2025, when web traffic management firm Cloudflare was hit by its worst outage in six years.
In an incident that bears some similarities to the CrowdStrike outage, Cloudflare had made a minor and seemingly innocuous change to a feature configuration file used by its Bot Management security system, which caused the file to grow larger than expected and propagate across the Cloudflare network, causing crashes and disrupting daily life on the world wide web for millions.
A month earlier, AWS customers experienced a 15-hour outage after the cloud giant experienced a series of cascading technical issues at a northern Virginia datacentre powering its US-East-1 region, and in June, Google Cloud went on the blink for many after an incorrect change to an application programming interface (API) management system triggered a crash loop.
Speaking to Computer Weekly’s sister title Search Cloud Computing today, Forrester principal analyst Lee Sustar said that such incidents are a “preview of what’s to come” and predicted more similar stories to come in 2026.
Sustar said that a combination of hyperscalers pivoting from legacy environments to GPU-centric datacentres to manage AI workloads, and ageing infrastructure, would likely lead to “major multiday outages” in the near future.
Read more about the CrowdStrike incident
- A botched software update at cyber security firm CrowdStrike has caused IT chaos around the world. Learn more about the global CrowdStrike update outage.
- The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps.
- A year has passed since the CrowdStrike outage caused widespread disruption to enterprise IT systems and infrastructure, but what has been learned from the situation?
