Another week, another disaster for cybersecurity firm CrowdStrike, which is now being sued by its investors.
In a class action lawsuit filed in Texas by pension fund Plymouth County Retirement Association, investors argue they were misled by CrowdStrike—which they say told them its technology was “validated, tested and certified.”
It comes after a botched CrowdStrike update caused millions of Windows computers around the world to crash on July 19. CrowdStrike quickly issued a its preliminary Post Incident Review, which describes how an issue with the tool that tests the testing software was responsible for the error that led Windows machines to display the dreaded blue screen of death.
The suit alleges that CrowdStrike failed to disclose it “had instituted deficient controls in its procedure for updating Falcon and was not properly testing updates to Falcon before rolling them out to customers.”
It said that “this inadequate software testing created a substantial risk that an update to Falcon could cause major outages for a significant number of the Company’s customers.”
Lastly, it alleges CrowdStrike failed to disclose that “such outages could pose, and in fact ultimately created, substantial reputational harm and legal risk to CrowdStrike.”
The suit claims this meant CrowdStrike “traded at artificially high prices” until the outage.
“We believe this case lacks merit and we will vigorously defend the company,” a CrowdStrike spokesperson says.
CrowdStrike Fall Out
Two weeks after the incident, the fall out from CrowdStrike is already huge. This week, airline Delta claimed the massive outage had cost the firm $500m, according to U.K. newspaper the Guardian. Speaking on CNBC, Ed Bastian, CEO of Delta Air Lines, said CrowdStrike outage costs included compensation and hotel stays for delayed passengers.
The past weeks following the CrowdStrike incident has seen an apology from the firm’s CEO George Kurtz as well as Uber Eats vouchers sent out to partners affected by the outage—which were blocked by Uber when too many people claimed at once. Microsoft has also explained its Windows security and update processes following the incident.
The company says nearly all Windows machines are back up and running. However, the fall out is continuing way beyond the initial event.