CrowdStrike, the cybersecurity company that caused a massive global computer outage in July, has been sued for misleading investors.
A class action lawsuit filed in Texas by the Plymouth County Retirement Association, a pension fund, alleges that CrowdStrike misled investors by representing its technology as “verified, tested and certified,” when in fact, the investors allege, CrowdStrike's software was anything but.
“Defendants failed to disclose that: (1) CrowdStrike implemented insufficient controls over its Falcon update procedures and did not adequately test Falcon updates before deploying them to customers; (2) this improper software testing created a significant risk that the Falcon updates would cause widespread outages for many of the company's customers; and (3) such outages could, and ultimately did, result in significant reputational damage and legal risk for CrowdStrike.” As a result, the lawsuit alleges, “CrowdStrike's stock price was traded artificially inflated until the widespread outages allowed its stock price to recover.”
“We believe this lawsuit is without merit and will vigorously defend the company,” a CrowdStrike spokesperson said.
Securities fraud lawsuits typically arise after an adverse event has occurred for a company. If the reasons for a decline in a stock price were not clearly disclosed to investors in advance, a defendant may be able to prevail by arguing that the lack of disclosure constituted a fraudulent sale of the relevant shares.
CrowdStrike also faces more general legal liability for the outage. Delta Air Lines Chief Executive Ed Bastian estimated on Wednesday that the outage would force the cancellation of more than 5,000 flights and ultimately cost the company $500 million (£391 million). He said airlines had “no choice” but to seek damages as a result.
“To get priority access to the Delta ecosystem on the technology side, we need to test how it works. We can't just walk into a mission-critical operation that runs 24/7 and say there's a bug,” Bastian added. “We have to protect our shareholders. We have to protect our customers and employees, not just from costs but from damage to our brand and reputation.”
The outage, which crashed roughly 1% of Windows PCs worldwide, was estimated to have cost the Fortune 500 companies in the U.S. alone $5 billion. Nevertheless, the company's most visible response, aside from its efforts to restore service, was to thank “teammates and partners” who helped resolve the outage by sending $10 UberEats gift cards, though Uber quickly blocked the gift cards due to fears of possible fraud.
According to insurers, a global technology outage caused by a faulty CrowdStrike update is estimated to cost Fortune 500 companies in the United States $5.4 billion. Cybersecurity companies have pledged to take measures to prevent such incidents in the future.
The projected economic losses do not factor in tech giant Microsoft, which experienced widespread system outages during the event.
Banking, healthcare, and major airlines are anticipated to bear the brunt of the impact, as reported by insurance company Parametric. Total insured losses for Fortune 500 companies, excluding Microsoft, are estimated to range between $540 million and $1.08 billion.
The CrowdStrike outage led to the disruption of thousands of flights, hospitals, and payment systems, marking it as the largest IT outage in history. Companies across industries are still struggling to recover from the damages. This incident exposed the fragility of modern technology systems, where a single faulty update can halt operations globally.
CrowdStrike, a Texas-based cybersecurity company worth billions, has seen a 22% drop in its shares since the outage. It has apologized for causing the tech crisis and has released a report detailing the issues with the update.
The root cause of the outage was an update pushed to CrowdStrike’s Falcon platform, a cloud-based service aimed at protecting businesses from cyber threats. The update contained a bug that resulted in 8.5 million Windows machines crashing simultaneously.
CrowdStrike has committed to conducting more thorough testing of its software before updates and implementing staged updates to prevent similar widespread outages in the future. It also plans to provide a more detailed report on the outage’s causes in the upcoming weeks.
As one of the largest cybersecurity companies globally, valued at around $83 billion prior to the outage, CrowdStrike serves many Fortune 1000 companies worldwide. The impact of the failed update was substantial due to its broad reach, underscoring how heavily reliant companies are on similar products for their operations.
Several companies continue to face challenges in recovering from the outage, with Delta Air Lines still experiencing disruptions after canceling or rescheduling numerous flights. This situation has left frustrated passengers stranded. Panicked Parents Delta Air Lines has launched an investigation into reaching the affected children, and the U.S. Department of Transportation is investigating its handling of the matter.
“Where did CrowdStrike go wrong?” is, if anything, a slightly overly generalized question.
You can also think about it the other way around: if you push an update to every computer on your network at the same time, by the time you find a problem, it’s too late to contain the impact. Alternatively, with a phased rollout, the update is pushed to users in small groups, usually accelerating over time. If you start updating 50 systems at once and then they all immediately lose connection, you hope you notice the problem before you update the next 50 million systems.
If you don’t do a staged rollout, you need to test the update before pushing it to users. The extent of pre-release testing is usually up for debate; there are countless configurations of hardware, software, and user requirements, and your testing regime must narrow down what’s important, and hope that nothing is overlooked. Thankfully, if 100% of computers with the update installed experience crashes and become inoperable until you manually apply a tedious fix, it’s easy to conclude that you didn’t test enough.
If you’re not doing a staged rollout and not testing the update before it ships, you need to make sure that the update is not broken.
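The phased rollout described above, as a small simulation (an added example, not code from the article or from CrowdStrike). The fleet size, wave sizes, failure threshold and the `apply_update` callback are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class RolloutResult:
    updated: int   # hosts that received the update
    crashed: int   # hosts that did not check in healthy afterwards
    waves: int     # number of waves started
    halted: bool   # True if the health gate stopped the rollout


def staged_rollout(fleet_size, apply_update, first_wave=50, growth=10,
                   max_failure_rate=0.02):
    """Push an update in growing waves and stop when a wave looks unhealthy.

    apply_update(host_id) -> bool is a hypothetical callback that returns
    True when the host checks in healthy after taking the update.
    """
    updated = crashed = waves = 0
    wave_size = first_wave
    next_host = 0
    while next_host < fleet_size:
        batch = range(next_host, min(next_host + wave_size, fleet_size))
        failures = sum(1 for host in batch if not apply_update(host))
        waves += 1
        updated += len(batch)
        crashed += failures
        next_host = batch.stop
        # Health gate: compare this wave's failure rate with the threshold
        # before any further host is touched.
        if failures / len(batch) > max_failure_rate:
            return RolloutResult(updated, crashed, waves, True)
        wave_size *= growth  # accelerate once a wave has come back clean
    return RolloutResult(updated, crashed, waves, False)


if __name__ == "__main__":
    FLEET = 1_000_000              # constructed fleet size

    def broken(host):              # constructed update that crashes every host
        return False

    # Staged: the first 50 hosts crash and the rollout halts there.
    print(staged_rollout(FLEET, broken))
    # Everything at once: a single wave covering the whole fleet.
    print(staged_rollout(FLEET, broken, first_wave=FLEET))
```
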
Broken
In CrowdStrike’s defense, I can understand why this happened. The company offers a service called “endpoint protection,” which, if you’ve been in the Windows ecosystem for a few years, might be easiest to think of as antivirus. It’s built for the enterprise market, not the consumer market, and it not only protects against common malware but also tries to prevent individual computers used by companies from becoming a foothold into the corporate network.
This applies not only to PCs used by large corporations that need to provide every employee with a keyboard and mouse, but also to any other business with large amounts of cheap, flexible machines. If you left your house on Friday, you know what that means: advertising displays, point-of-sale terminals, and self-service kiosks were all affected.
The comparison is relevant because CrowdStrike is in a space where speed is crucial. The worst-case scenario, at least until last week, is a ransom worm like WannaCry or NotPetya, malware that not only does significant damage to infected machines but also spreads automatically in and out of corporate networks. So its first line of defense operates quickly: Rather than waiting for a weekly or monthly release schedule for software updates, the company pushes out files daily to address the latest threats to the systems it protects.
Though limited, even a phased rollout could cause real damage. WannaCry destroyed many NHS computers during the few hours it spread unchecked, before being accidentally halted by British security researcher Marcus Hutchins while trying to figure out how it worked. In this scenario, a phased rollout could result in loss of life. Delays in testing could be even more costly.
That means updates shouldn’t cause this kind of problem: rather than new code that runs on each machine, updates are more like dictionary updates that tell already-installed CrowdStrike software what new threats to look out for and how to recognize them.
At the loosest level, you can think of it as something like this article: You’re probably reading it through some application, like a web browser, an email client, or the Guardian app. (If you’ve arranged for someone to print this and deliver it to you with your morning coffee, congratulations!) We haven’t done a staged rollout or full testing of the article, because nothing would happen there.
Unfortunately, the update pushed out on Friday actually did something. High-level technical details remain unclear, and until CrowdStrike reveals the full details, we’ll just take their word for it. The update, which was meant to teach the system how to detect a specific type of cyberattack that had already been seen in the wild, actually “introduced a logic error, causing the operating system to crash.”
I’ve been covering this sort of thing for over a decade now, and my guess is that this “logic error” boils down to one of two things: Either an almost incomprehensible failure condition occurs in one of the most complex systems mankind has ever built, causing a catastrophic event through an almost unthinkable combination of bad luck, or someone does something incredibly stupid.
Sometimes there are no classes
There have been a lot of comments over the past few days.
This is an inevitable evil that results from the concentration of power in the technology sector in just a few companies.
This is an inevitable consequence of the EU prohibiting Microsoft from restricting antivirus companies’ ability to tamper with basic levels of Windows.
This is the inevitable harm of cybersecurity regulation that focuses more on checking boxes than on actual security.
This wasn’t a security issue because no one was hacked – it was just a bug.
None of it worked. CrowdStrike, despite the disruption it caused, doesn’t wield much power. It’s one of the big players in the space, but it’s installed on only about 1% of PCs. Microsoft claims that the failure happened only because of regulations. Meanwhile, in the alternative where third-party security companies can’t operate on Windows, with Microsoft setting itself up as the only line of defense, it looks like we’ll be in a world where the first big failure actually affects 100% of PCs.
Cybersecurity regulations have actually benefited companies that have adopted CrowdStrike, making complicated certification processes into a simple checkbox check, and maybe that’s a good thing: “Buy a product to be safe” is the only reasonable request for the vast majority of companies, and CrowdStrike has delivered, except for that one unfortunate time.
But unfortunate or not, it was definitely a security issue. The golden triangle of information security has three goals: confidentiality (are the secrets kept secret?), integrity (is the data correct?), and availability (can the system be used?). CrowdStrike could not maintain availability, which meant they could not protect their customers’ information security.
In the end, the only lesson I can take comfort in is that this is going to happen more. We’ve managed so well with so many of our society’s failures that the ones that hit us from now on will be more unexpected, more severe, and less prepared for. Just as a driver can become so confident in their cruise control that they lose control right before an accident, we’ve managed to make catastrophic IT failures so rare that recovering from them is a marathon effort.
Yay?
A significant number of the 8.5 million devices affected by the recent global IT outage are back online, as reported by the cybersecurity company involved in the incident.
CrowdStrike mentioned that they are currently experimenting with technology to expedite the rebooting process of systems, while experts caution that recovering fully from the IT outage last Friday might take several weeks.
During the incident, numerous flights were canceled, broadcasters went off-air, medical appointments were disrupted, and countless PCs failed to boot after a CrowdStrike software update unintentionally caused devices using the Microsoft Windows OS to malfunction.
CrowdStrike posted updates on social media outlining the progress in resolving the glitch. According to an expert, this incident caused “the biggest IT outage in history.”
The US company stated, “A substantial number of the roughly 8.5 million Windows devices affected are now operational and back online.”
CrowdStrike mentioned ongoing tests for new methods to speed up the repair process of impacted systems, aiming to make this technology accessible to businesses and organizations.
Australia’s Home Affairs Minister confirmed that CrowdStrike plans to implement an automated fix similar to Microsoft’s to address this issue in an upcoming update.
Experts cautioned that affected computers might require manual repairs and could face prolonged restoration times.
Over 1,500 flights were canceled in the US for a third consecutive day, with Delta Airlines in Atlanta particularly struggling, while 45 flights were canceled in the UK on Saturday.
Ed Bastian, the CEO of Delta Air Lines, stated that critical applications within the airline’s IT systems were impacted by the issue. He mentioned that crew tracking-related tools were affected, causing difficulty in managing the high number of changes due to the outage.
Ryanair, Europe’s largest airline, canceled 400 flights over the weekend primarily due to an IT issue.
NHS England in the UK issued warnings about potential delays as they work on restoring the health service from the outage. They advised patients with appointments to attend unless instructed otherwise.
The British Medical Association mentioned that regular GP services might not resume immediately due to significant IT-related delays.
An NHS spokesperson stated, “The system is back online now, and with the dedicated efforts of NHS staff, we hope to minimize any further disruptions. However, please expect some delays as services are being restored, especially with GPs needing to reschedule appointments.”
Pharmacy services in the UK are anticipated to be slower than usual as the recovery process continues.
Nick Kaye, president of the National Pharmacists Association, urged customers to be patient as local pharmacies work through the backlog of prescriptions caused by the IT outage last week.