throbber
Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 1 of 27
`
`UNITED STATES DISTRICT COURT
`WESTERN DISTRICT OF TEXAS
`AUSTIN DIVISION
`
`
`JULIO DEL RIO, JACK MURPHY, and
`STEVEN BIXBY, individually and on behalf
`of all others similarly situated,
`
`
`
`Plaintiffs,
`
`
`v.
`
`CROWDSTRIKE, INC.,
`
`
`
`
`
`
`Defendant.
`
`
`
`Case No. 1:24-cv-00881
`
`CLASS ACTION
`
`JURY TRIAL DEMANDED
`
`
`
`
`Plaintiffs Julio del Rio, Jack Murphy, and Steven Bixby (collectively, “Plaintiffs”),
`
`individually and on behalf of all others similarly situated (collectively, “Class members”), by and
`
`through the undersigned attorneys, bring this Class Action Complaint against Defendant
`
`CrowdStrike, Inc. (“Defendant” or “CrowdStrike”), and complain and allege upon personal
`
`knowledge as to themselves and information and belief as to all other matters as follows.
`
`INTRODUCTION
`
`1.
`
`CrowdStrike is a cybersecurity firm that offers commercial data protection and
`
`cybersecurity services and products intended to keep computers safe from cyberattacks and
`
`malware, including its Falcon platform (“Falcon”).
`
`2.
`
`On July 19, 2024, CrowdStrike released a security software update for its Falcon
`
`platform. Rolling out this update should have been a routine process without any noticeable impact
`
`on CrowdStrike’s customers’ information technology (“IT”) systems. Instead, shortly after the
`
`release of the update “a global tech disaster was underway.”1
`
`
`1 Tom Warren, Inside the 78 minutes that took down millions of Windows machines, THE VERGE
`(July 23, 2024 10:40 AM), https://www.theverge.com/2024/7/23/24204196/crowdstrike-
`windows-bsod-faulty-update-microsoft-responses.
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 2 of 27
`
`3.
`
`Due to CrowdStrike’s negligent conduct, the software update contained one or
`
`more serious bugs2 or errors that caused millions of computers around the world to repeatedly
`
`crash and become inoperable (the “CrowdStrike Outage”).
`
`4.
`
`The consequences of CrowdStrike’s flawed update were catastrophic. In total, over
`
`8,500,000 devices went offline due to the CrowdStrike update.3 CrowdStrike’s carelessness caused
`
`one of the largest global IT system outages in history.4
`
`5.
`
`CrowdStrike’s Falcon platform is used by many of the world’s largest companies
`
`across a range of industries, including the aviation industry. The CrowdStrike Outage disrupted
`
`airline and airport IT systems, causing a cascade of flight delays and cancellations as airlines
`
`struggled to operate with their computer systems offline.5
`
`6.
`
`CrowdStrike’s flawed update not only interfered with airlines—it also severely
`
`interrupted the lives of the millions of people traveling in the days immediately following the
`
`CrowdStrike Outage. The CrowdStrike Outage grounded thousands of flights and delayed
`
`
`2 “A software bug is a problem causing a program to crash or produce invalid output. The
`problem is caused by insufficient or erroneous logic. A bug can be an error, mistake, defect or
`fault, which may cause failure or deviation from expected results.” Margaret Rouse, Software
`Bug, TECHOPEDIA (June 20, 2024), https://www.techopedia.com/definition/24864/software-bug.
`3 E.g., CIO Staff & Francisca Dominguez Zubicoa, Delta Airlines to ‘rethink Microsoft’ in wake
`of CrowdStrike outage, CIO (Aug. 1, 2024), https://www.cio.com/article/3480378/delta-airlines-
`to-rethink-microsoft-in-wake-of-crowdstrike-outage.html.
`4 See The Consequences Of The CrowdStrike Update, NPR (July 31, 2024 6:18 PM),
`https://www.npr.org/2024/07/31/1198912548/1a-07-31-
`2024#:~:text=The%20Consequences%20Of%20The%20CrowdStrike%20Update%20%3A%201
`A%20It's%20been%20called,to%20broadcast%20news%20to%20hospitals.
`5 See Aarian Marshall, Why the Global CrowdStrike Outage Hit Airports So Hard, WIRED (July
`19, 2024 5:00 PM), https://www.wired.com/story/crowdstrike-windows-outage-airport-travel-
`delays/.
`
`2
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 3 of 27
`
`thousands more, often stranding travelers in airports thousands of miles away from their intended
`
`destination for hours—and even days. 6
`
`7.
`
`But lengthy delays were not the only consequence of the outage for travelers. Faced
`
`with increasingly long delays and mounting flight cancellations, many travelers had no option but
`
`to spend hundreds of dollars or more on additional meals, lodging, or other travel arrangements as
`
`they desperately sought a way to their destination.
`
`8.
`
`CrowdStrike’s failure to properly develop, test, and deploy the Falcon update
`
`caused the CrowdStrike Outage and delayed or cancelled Plaintiffs’ and Class members’ flights.
`
`These delays and cancellations in turn forced Plaintiffs and Class members to incur additional
`
`expenses and damages. This action seeks to remedy these consequences of CrowdStrike’s
`
`negligence. Plaintiffs bring this action on behalf of themselves and all persons who had a flight
`
`delayed or cancelled as a result of the CrowdStrike Outage.
`
`9.
`
`Plaintiffs, on behalf of themselves and all other Class members, assert claims for
`
`negligence, violation of the California Unfair Competition Law, and public nuisance, and seek
`
`declaratory relief, injunctive relief, monetary damages, statutory damages, punitive damages,
`
`equitable relief, and all other relief authorized by law.
`
`PARTIES
`
`Plaintiff Julio del Rio
`
`10.
`
`Plaintiff Julio del Rio is a citizen of California.
`
`
`6 E.g., Shayla Reaves & Athony Bettin, Days after CrowdStrike outage, North Carolina woman
`still stuck at MSP Airport, CBS NEWS (July 22, 2024 7:55 AM),
`https://www.cbsnews.com/minnesota/news/north-carolina-woman-stuck-at-msp-airport-after-
`crowdstrike-outage/.
`
`3
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 4 of 27
`
`11.
`
`Plaintiff del Rio and his spouse had purchased tickets for a July 19, 2024 direct
`
`flight from Hawaii’s Kona International Airport (“KOA”) to Los Angeles International Airport for
`
`approximately $800.
`
`12.
`
`The CrowdStrike Outage affected the IT system of the airline Plaintiff del Rio
`
`planned to travel on, which caused Plaintiff del Rio’s flight to be delayed multiple times, before
`
`ultimately being canceled. Plaintiff del Rio was forced to spend time and effort attempting to
`
`arrange an alternative later flight to Los Angeles.
`
`13.
`
`The chaos caused by the CrowdStrike Outage meant Plaintiff del Rio was not able
`
`to book another direct flight from KOA to Los Angeles International Airport on the same airline.
`
`Instead, Plaintiff del Rio was forced to purchase tickets for a different airline’s flight to San
`
`Francisco, California. Plaintiff del Rio paid approximately $1,200 out-of-pocket for these tickets.
`
`He has not received a reimbursement or refund of the cost of his tickets on the original, canceled
`
`flight.
`
`14.
`
`Plaintiff del Rio’s flight to San Francisco was scheduled to leave on July 20, 2024,
`
`the day after his original flight would have left but for the CrowdStrike Outage. As a result,
`
`Plaintiff del Rio was stranded at KOA for an additional 11 hours overnight.
`
`15.
`
`Stranded overnight at the airport due to the CrowdStrike Outage, Plaintiff del Rio
`
`had no other options but to sleep on benches or the floor during the 11-hour delay. As a result,
`
`Plaintiff del Rio developed pain in his neck and back which lasted for several days.
`
`16.
`
`The CrowdStrike Outage was still causing massive flight delays and cancellations
`
`when Plaintiff del Rio arrived in San Francisco. As a result, Plaintiff del Rio could not get a flight
`
`from San Francisco to Los Angeles. Instead, he had to purchase tickets on yet another flight, this
`
`time from San Jose, California, to Burbank, California.
`
`4
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 5 of 27
`
`17.
`
`Plaintiff del Rio had no way to reach the San Jose airport for his next flight other
`
`than to pay for an Uber, which cost him approximately $80. Once Plaintiff del Rio arrived at the
`
`Burbank airport, he again had to pay for an Uber to take him home, which cost approximately $80.
`
`18.
`
`Because the CrowdStrike Outage caused such extensive flight delays and
`
`cancellations, Plaintiff del Rio did not arrive home until approximately 11:00 PM PST on July 20,
`
`2024, approximately 17 hours after he was originally scheduled to return. As a result of the nearly
`
`17 extra hours of travel, Plaintiff del Rio was forced to use his accrued paid time off to miss an
`
`additional day of work
`
`Plaintiff Jack Murphy
`
`19.
`
`20.
`
`Plaintiff Jack Murphy is a citizen of Ohio.
`
`On July 19, 2024, Plaintiff Murphy planned to fly from Columbia, South Carolina
`
`to Atlanta, Georgia, and from Atlanta to Cleveland, Ohio.
`
`21.
`
`The CrowdStrike Outage affected the IT system of the airline Plaintiff Murphy
`
`planned to travel on. As a result, Plaintiff Murphy’s flight from Columbia to Atlanta was delayed
`
`for several hours, before ultimately being canceled. Plaintiff Murphy was forced to spend time and
`
`effort arranging an alternative later flight from Columbia to Atlanta.
`
`22.
`
`Due to the CrowdStrike Outage, Plaintiff Murphy’s flight from Atlanta to
`
`Cleveland was also significantly delayed, stranding Plaintiff Murphy in the Atlanta airport for
`
`approximately nine hours. During the delay, he spent additional time and effort attempting to
`
`arrange an alternate flight to Cleveland, including waiting in a line to speak with airline personnel
`
`for nearly three and a half hours before Plaintiff Murphy was able to book a different flight to
`
`Cleveland.
`
`5
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 6 of 27
`
`23.
`
`Due to the CrowdStrike Outage, Plaintiff Murphy did not arrive in Cleveland until
`
`approximately 2:30 AM CDT on July 20, 2024. Due to the late hour, Plaintiff Murphy could not
`
`hire an Uber to drive him from the Cleveland airport to his home. As a result, Plaintiff Murphy’s
`
`wife was forced to drive to the airport to pick up Plaintiff Murphy, a trip of approximately 45
`
`minutes each way. This drive to and from the airport, which would not have been necessary had
`
`the CrowdStrike Outage not grounded flights, used gas that Plaintiff Murphy would not have
`
`otherwise used and added additional wear to Plaintiff Murphy’s vehicle.
`
`24.
`
`Plaintiff Murphy did not arrive home until approximately 3:30 AM, which severely
`
`interrupted Plaintiff Murphy’s normal sleep schedule. The disruption to Plaintiff Murphy’s sleep
`
`schedule caused him to suffer a migraine during the day of July 20, 2024. Plaintiff Murphy
`
`experienced dizziness, pains in his head, sensitivity to light, and nausea due to the migraine.
`
`Plaintiff Steven Bixby
`
`25.
`
`26.
`
`Plaintiff Steven Bixby is a citizen of Pennsylvania.
`
`On July 19, 2024, Plaintiff Bixby planned to fly from Harrisburg, Pennsylvania to
`
`O’Hare International Airport in Chicago, Illinois (“O’Hare”), and from O’Hare to Fort Worth,
`
`Texas.
`
`27.
`
`The CrowdStrike Outage affected the IT system of the airline Plaintiff Bixby
`
`planned to travel on. As a result, Plaintiff Bixby’s flight from Harrisburg to O’Hare was delayed
`
`approximately three hours. Plaintiff Bixby’s flight from O’Hare to Fort Worth was similarly
`
`delayed for approximately four hours as a result of the CrowdStrike Outage.
`
`28.
`
`Plaintiff Bixby’s trip from Harrisburg to Fort Worth was scheduled to take
`
`approximately eight hours. But because the CrowdStrike Outage delayed his flights, his trip instead
`
`took approximately 17.5 hours—over nine hours longer than it otherwise would have.
`
`6
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 7 of 27
`
`29.
`
`Because the CrowdStrike Outage affected the IT system of the airline Plaintiff
`
`Bixby travelled on, Plaintiff Bixby’s luggage was delayed and did not arrive in Fort Worth until
`
`several hours after Plaintiff Bixby. Plaintiff Bixby had to return to the airport to retrieve his
`
`luggage when it finally arrived at approximately 2:00 AM CDT on July 20, 2024.
`
`Defendant CrowdStrike, Inc.
`
`30.
`
`Defendant CrowdStrike, Inc., is a Delaware corporation with its principal place of
`
`business located at 206 E. 9th Street, Suite 1400, Austin, TX 78701. It may be served through its
`
`registered agent: Corporation Service Company, 211 E. 7th Street, Suite 620, Austin, TX 78701.
`
`JURISDICTION AND VENUE
`
`31.
`
`The Court has subject matter jurisdiction over Plaintiffs’ claims under 28 U.S.C. §
`
`1332(d)(2), because (a) there are 100 or more Class members, (b) at least one Class member is a
`
`citizen of a state that is diverse from Defendant’s citizenship, and (c) the matter in controversy
`
`exceeds $5,000,000, exclusive of interest and costs.
`
`32.
`
`This Court has general personal jurisdiction over Defendant CrowdStrike, Inc.,
`
`because it maintains its principal place of business in this State, regularly conducts business in this
`
`State, and has sufficient minimum contacts in this State.
`
`33.
`
`Venue is proper in this Court pursuant to 28 U.S.C. § 1391(b) because Defendant’s
`
`principal places of business are in this District and a substantial part of the events, acts, and
`
`omissions giving rise to Plaintiffs’ claims occurred in this District.
`
`7
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 8 of 27
`
`FACTUAL ALLEGATIONS
`
`Overview of CrowdStrike
`
`34.
`
`Founded in 2011, CrowdStrike’s products are “tailored for large [organizations] in
`
`which CrowdStrike’s tools help them monitor their networks for signs of attack, and provide them
`
`with the information they need to respond to intrusions in a timely way.”7
`
`35.
`
`CrowdStrike “is among the most popular cybersecurity providers in the world, with
`
`close to 30,000 subscribers globally.”8 Among CrowdStrike’s customers are 298 Fortune 500
`
`companies, including financial service firms, healthcare providers, technology firms, and food and
`
`beverage companies, among others.9 Also amongst its customers are major airlines, including
`
`American Airlines, Delta, and United.10 These “are huge companies that collectively have
`
`hundreds of millions of Windows PCs and systems.”11
`
`36.
`
`CrowdStrike’s “primary technology is the Falcon platform, which helps protect
`
`systems against potential threats in a bid to minimize cybersecurity risks.”12 Falcon is a security
`
`
`7 Toby Murray, What is CrowdStrike Falcon and what does it do? Is my computer safe?, THE
`CONVERSATION (July 19, 2024 6:20 AM), https://theconversation.com/what-is-crowdstrike-
`falcon-and-what-does-it-do-is-my-computer-safe-
`235123#:~:text=CrowdStrike%20is%20a%20US%20cyber,response%E2%80%9D%20(EDR)%
`20software.
`8 Martin Coulter, CrowdStrike chaos could prompt rethink among investors, customers, REUTERS
`(July 19, 2024 5:52 PM), https://www.reuters.com/technology/cybersecurity/crowdstrike-chaos-
`could-prompt-rethink-among-investors-customers-2024-07-
`19/#:~:text=CrowdStrike%20%2D%20which%20previously%20reached%20a,its%20growth%2
`0and%20high%20margin.
`9 We stop breaches, CROWDSTRIKE, https://www.crowdstrike.com/platform/ (last accessed Aug.
`5, 2024).
`10 Kim Komando, The real reason CrowdStrike brought companies to their knees, KOMANDO
`(July 20, 2024), https://www.komando.com/news/the-real-reason-crowdstrike-brought-
`companies-to-their-knees/.
`11 Id. (emphasis in original).
`12 Sean Michael Kerner, CrowdStrike outage explained: What caused it and what’s next,
`TECHTARGET (July 25, 2024), https://www.techtarget.com/whatis/feature/Explaining-the-largest-
`IT-outage-in-history-and-whats-next.
`
`8
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 9 of 27
`
`software product that, once installed on a computer, helps prevent cyberattacks and malware.13
`
`Falcon is “purpose-built to stop breaches via a unified set of cloud-delivered technologies that
`
`prevent all types of attacks — including malware and much more.”14
`
`37.
`
`CrowdStrike offers its software products, including those responsible for or
`
`involved in the CrowdStrike Outage, on a subscription basis to its customer. CrowdStrike licenses
`
`the use of the software, but at all times retains ownership of the software.15
`
`The CrowdStrike Outage
`
`38.
`
`On or about Friday, July 19, 2024, “as part of regular operations, CrowdStrike
`
`released a [Falcon] content configuration update for the Windows sensor to gather telemetry on
`
`possible novel threat techniques.”16 Updates of this type “are a normal part of the [Falcon] sensor’s
`
`operation and occur several times a day in response to novel tactics, techniques, and procedures
`
`discovered by CrowdStrike.”17 CrowdStrike claims “[t]his is not a new process; the architecture
`
`has been in place since Falcon’s inception.”18
`
`39. With that update, CrowdStrike “introduced a logic error” which caused the Falcon
`
`sensor to crash and, as a result, crashed the Windows systems itself.19 The crashes were caused by
`
`
`
`13 Murray, supra note 7.
`14 What is CrowdStrike? Falcon platform FAQ, CROWDSTRIKE,
`https://www.crowdstrike.com/products/faq/ (last accessed Aug. 5, 2024).
`15 E.g., CrowdStrike Terms and Conditions, CROWDSTRIKE, https://www.crowdstrike.com/terms-
`conditions/ (last accessed Aug. 5, 2024); CrowdStrike Software Terms of Use, CROWDSTRIKE,
`https://www.crowdstrike.com/software-terms-of-use/ (last accessed Aug. 5, 2024).
`16 Preliminary Post Incident Review (PIR): Content Configuration Update Impacting the Falcon
`Sensor and the Windows Operating System (BSOD), CrowdStrike (July 24, 2024),
`https://www.crowdstrike.com/blog/falcon-content-update-preliminary-post-incident-report/.
`17 Technical Details: Falcon Content Update for Windows Hosts, CROWDSTRIKE (July 20, 2024),
`https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/.
`18 Id.
`19 Kerner, supra note 12.
`
`9
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 10 of 27
`
`“a defect in the Rapid Response Content, which went undetected during validation checks.”20 The
`
`July 19 update supposedly “passed validation despite containing problematic content data.”21
`
`CrowdStrike did not subject the update to additional testing or verifications before publishing it.22
`
`40.
`
`Once a Windows computer received the update, “problematic content in [the
`
`update] resulted in an out-of-bounds memory read triggering an exception. This unexpected
`
`exception could not be gracefully handled, resulting in a Windows operating system crash.”23
`
`41. Windows computers that received the Falcon update were forced into a “recovery
`
`boot loop,” meaning the computers could not start and operate properly.24 The computers displayed
`
`a “blue screen of death,” which indicates a “stop error . . . a critical error that has caused the
`
`Windows operating system to crash.”25
`
`42.
`
`CrowdStrike’s channel file updates, such as the update that caused the CrowdStrike
`
`Outage, “were pushed to computers regardless of any settings meant to prevent such automatic
`
`updates.”26
`
`
`20 Preliminary Post Incident Review Executive Summary, CROWDSTRIKE,
`https://www.crowdstrike.com/wp-content/uploads/2024/07/CrowdStrike-PIR-Executive-
`Summary.pdf (last accessed Aug. 5, 2024).
`21 Id.
`22 Bill Toulas, CrowdStrike: ‘Content Validator’ bug let faulty update pass checks, BLEEPING
`COMPUTER (July 24, 2024 10:16 AM),
`https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-
`update-pass-checks/.
`23 Preliminary Post Incident Review (PIR), supra note 16.
`24 Tom Warren, Major Windows BSOD issue hits banks, airlines, and TV broadcasters, THE
`VERGE (July 19, 2024 2:17 AM), https://www.theverge.com/2024/7/19/24201717/windows-
`bsod-crowdstrike-outage-issue.
`25 Davey Winder, Blue Screen of Death—Microsoft Says Turn It Off And On Again And Again
`And Again, Forbes (July 20, 2024 7:03 AM),
`https://www.forbes.com/sites/daveywinder/2024/07/20/blue-screen-of-death-microsoft-says-
`turn-it-off-and-on-again-and-again-and-again/.
`26 Wes Davis, CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft,
`THE VERGE (July 20, 2024 12:20 PM),
`https://www.theverge.com/2024/7/20/24202527/crowdstrike-microsoft-windows-bsod-outage.
`
`10
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 11 of 27
`
`43.
`
`Falcon “follows a common practice of continuous integration and continuous
`
`delivery . . . such that software updates are deployed at once for many customers at scale.”27 In
`
`total, the “faulty update” caused a global technology disaster that affected 8.5 million Windows
`
`devices.28
`
`CrowdStrike Knew of the Risks of a Software Error
`
`44.
`
`At all relevant times, CrowdStrike knew, or should have known, that failing to
`
`develop, implement, and maintain reasonable software development, testing, and validation
`
`processes, procedures, or controls would inevitably result in it publishing and disseminating a
`
`software update containing serious flaws, errors, invalid data, or bugs.
`
`45.
`
`At all relevant times, CrowdStrike also knew, or should have known, that
`
`publishing and disseminating an update containing serious flaws, errors, invalid date, or bugs,
`
`would cause a massive and widespread outage of its customers’ computer systems.
`
`46.
`
`Software containing a flaw or bug can “degrade interconnected systems or cause
`
`serious malfunctions.”29 To prevent these issues, software testing is an essential practice to ensure
`
`software functions as expected and to detect serious flaws, errors, invalid data, or bugs in the
`
`software.30
`
`
`27 See Matt Kapko, CrowdStrike says flawed update was live for 78 minutes, CYBERSECURITY
`DIVE (July 23, 2024), https://www.cybersecuritydive.com/news/crowdstrike-flawed-update-78-
`minutes/722070/.
`28 Davis, supra note 26.
`29 What is software testing?, IBM, https://www.ibm.com/topics/software-testing (last accessed
`Aug. 5, 2024).
`30 The Importance of Software Testing, IEEE COMPUT. SOC.,
`https://www.computer.org/resources/importance-of-software-testing (last accessed Aug. 5,
`2024).
`
`11
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 12 of 27
`
`47.
`
`“The importance of effective testing cannot be overstated when developing and
`
`maintaining complex, reliable software systems in today’s world.”31 Indeed, CrowdStrike itself
`
`recommends that organizations search for and detect software bugs.32
`
`48. While companies such as CrowdStrike deploy security updates often, “it is
`
`important that they aren’t rushed and go through the basic due diligence to ensure something like
`
`CrowdStrike [O]utage doesn’t happen.”33 If a software update has the potential to affect “not just
`
`your users but your users’ users, you must slow-roll the release over a period of hours or days,
`
`rather than risk crippling the entire planet with one large update.”34
`
`49.
`
`In filings with the Security and Exchange Commission, CrowdStrike has
`
`acknowledged the risk that product enhancements “may have quality or other defects or
`
`deficiencies.”35 CrowdStrike also knew that, “[b]ecause our cloud native security platform is
`
`complex, it may contain defects or errors that are not detected until after deployment.”36 It further
`
`knew that “errors, defects or performance problems in our software” and “improper deployment
`
`or configuration of our solutions” could affect the delivery, availability, and performance of its
`
`Falcon platform.37
`
`
`
`31 Id.
`32 See Jacob Garrison, How to Secure Business-Critical Applications, CROWDSTRIKE (Feb. 9,
`2024), https://www.crowdstrike.com/blog/how-to-secure-business-critical-applications/.
`33 Shweta Sharma, CrowdStrike was not the only security vendor vulnerable to hasty testing,
`CSO ONLINE (July 29, 2024), https://www.csoonline.com/article/3478372/crowdstrike-was-not-
`the-only-security-vendor-vulnerable-to-hasty-testing.html.
`34 Id.
`35 Form 10-K, CROWDSTRIKE (Mar. 6, 2024), https://ir.crowdstrike.com/static-files/29e71f45-
`3c39-4c2c-9159-5e7bb9f3315b.
`36 Id.
`37 See id.
`
`12
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 13 of 27
`
`50.
`
`The aviation sector is considered part of America’s critical infrastructure according
`
`to the Cybersecurity and Infrastructure Security Agency.38 CrowdStrike knows its Falcon platform
`
`is used by airlines and airports.39
`
`51.
`
`CrowdStrike knew that the incapacitation of critical infrastructure systems, such as
`
`the aviation sector, “would have a debilitating effect on the security and safety of [American]
`
`citizens.”40 CrowdStrike also knew that “nearly all critical infrastructures rely heavily on cyber
`
`and network support to operate these essential systems.”41
`
`52.
`
`CrowdStrike knew that “[a]irport and aircraft operators run complex networks of
`
`IT and OT systems to move passengers and freight safely and efficiently across the United
`
`States.”42 It also knew that disruption of airline information technology and operational technology
`
`systems could cause “business degradation and disruption of airline operations.”43
`
`53.
`
`It is clear that the “tech providers that support infrastructure relied upon by the
`
`public and private sectors bear a responsibility to protect our safety and security.”44 Therefore,
`
`
`38 Transportation Systems Sector, CYBERSEC. & INFRASTRUCTURE SEC. AGENCY,
`https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-
`sectors/transportation-systems-sector (last accessed Aug. 5, 2024).
`39 E.g., Jamie Gale, Porter Airlines Consolidates Its Cloud, Identity and Endpoint Security with
`CrowdStrike, CROWDSTRIKE (Apr. 18, 2024), https://www.crowdstrike.com/blog/porter-airlines-
`consolidates-cybersecurity-with-crowdstrike/.
`40 Shawn Henry, Critical Infrastructure: One More Thing to Give Thanks For — and Protect,
`CROWDSTRIKE (Nov. 22, 2016), https://www.crowdstrike.com/blog/critical-infrastructure-one-
`thing-give-thanks-protect/.
`41 Id.
`42 Cyber Resilience for the Airline Industry, CROWDSTRIKE, https://www.crowdstrike.com/wp-
`content/uploads/2023/04/crowdstrike-cyber-resilience-for-airline-industry.pdf (last accessed
`Aug. 5, 2024).
`43 See id.
`44 Heidi Boghosian, Opinion: The CrowdStrike outage shows the danger of depending on Big
`Tech overlords, LA TIMES (July 23, 2024 12:07 PM),
`https://www.latimes.com/opinion/story/2024-07-23/crowdstrike-outage-microsoft-tech-security.
`
`13
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 14 of 27
`
`technology providers must prioritize security and reliability in their products “over other incentives
`
`such as cost, features, and speed to market.”45
`
`54.
`
`CrowdStrike, as a cybersecurity company, was and is well aware of the damage a
`
`large-scale IT system outage would cause. CrowdStrike also knew of the risks of system failures
`
`posed by software and software updates containing serious flaws, errors, invalid data, or bugs. It
`
`knows that the “adverse effects of any service interruptions . . . may be disproportionately
`
`heightened due to the nature of [its] business and the fact that [its] customers have a low tolerance
`
`for interruptions of any duration.”46
`
`55.
`
`CrowdStrike failed to adequately and reasonably test or validate the July 19, 2024
`
`update to ensure it did not contain any serious flaws, errors, invalid data, or bugs. Had CrowdStrike
`
`developed, implemented, and maintained reasonable software development, testing, and validation
`
`processes, procedures, or controls, it would have discovered the serious flaws, errors, invalid data,
`
`or bugs in the July 19, 2024 update and prevented the CrowdStrike Outage from occurring.
`
`56.
`
`For example, it is “a fairly standard practice to roll out updates gradually, letting
`
`developers test for any major problems before an update hits their entire user base.”47 If
`
`CrowdStrike had followed this industry-standard process, it would have discovered the flaws,
`
`errors, invalid data, or bugs in the update, and would not have published and disseminated the
`
`flawed update to all of its customers, including airlines48. This process would have prevented the
`
`global effects of the CrowdStrike Outage.
`
`
`45 Jessica Lyons, US cybersecurity chief: Software makers shouldn’t lawyer their way out of
`security responsibilities, THE REGISTER (Feb. 28, 2023 10:23 PM),
`https://www.theregister.com/2023/02/28/cisa_easterly_secure_software/.
`46 Form 10-K, supra note 35.
`47 Warren, supra note 1.
`48 See id.
`
`14
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 15 of 27
`
`57.
`
`The CrowdStrike Outage was entirely foreseeable, especially in light of other recent
`
`software problems that have similarly affected consumers. For example, in January, 2023, a
`
`damaged database file forced the FAA to impose a nationwide ground stop, which delayed more
`
`than 10,000 flights and resulted in over 1,300 flights being cancelled.49 In April, 2023, Southwest
`
`Airlines experienced a technology failure caused by a failure in vendor-supplied software.50 The
`
`technical issue forced Southwest Airlines to ground 1,820 flights nationwide.51 In 2010, an error
`
`in a security update for McAfee’s corporate antivirus software caused Windows computers around
`
`the globe to crash.52
`
`58.
`
`These and other similar events illustrate why it is “absolutely critical” that vendors
`
`supplying software updates or patches “thoroughly test [them] to ensure that those updates are not
`
`causing harm or outages.”53
`
`59.
`
`CrowdStrike knew or should have known of these and other similar instances of
`
`software and IT system failures, and CrowdStrike knew or should have known that publishing and
`
`
`49 David Shepardson et al., Airlines hope for return to normal Thursday after FAA outage snarls
`U.S. travel, REUTERS (Jan. 11, 2023 8:28 PM), https://www.reuters.com/business/aerospace-
`defense/us-faa-says-flight-personnel-alert-system-not-processing-updates-after-outage-2023-01-
`11/.
`50 See Allison Lampert & Rajesh Kumar Singh, Southwest network failure raises concerns over
`system’s strength, REUTERS (Apr. 20, 2023 5:00 AM),
`https://www.reuters.com/business/aerospace-defense/southwest-network-failure-raises-concerns-
`over-systems-strength-2023-04-19/.
`51 Stefanie Schappert, Southwest Airlines forced to ground all US flights – again, CYBERNEWS
`(Apr. 19, 2023 6:52 AM), https://cybernews.com/news/southwest-airlines-technical-issues-
`flights-grounded-again/.
`52 David Kravets, McAfee Probing Bungle That Sparked Global PC Crash, WIRED (Apr. 22,
`2010 1:24 PM), https://www.wired.com/2010/04/mcafeebungle/; Declan McCullagh, Buggy
`McAfee update whacks Windows XP PCs, CNN (Apr. 22, 2010 11:24 AM),
`https://www.cnn.com/2010/TECH/04/22/cnet.mcafee.antivirus.bug/index.html.
`53 Sharma, supra note 33.
`
`15
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 16 of 27
`
`dissemination a software update for its Falcon platform containing serious flaws, errors, invalid
`
`data, or bugs would cause similar flight delays and cancellations.
`
`The CrowdStrike Outage Caused Widespread Flight Delays and Cancellations
`
`60.
`
`The CrowdStrike Outage had major impacts on air travel within the United States
`
`and internationally. Airlines were hit “particularly hard” by the CrowdStrike Outage due to the
`
`aviation sector’s “sensitivity to timings.”54
`
`61.
`
`A statement by United Airlines indicated the CrowdStrike outage “affected many
`
`separate systems, such as those used for calculating aircraft weight, checking in customers, and
`
`phone systems in our call centers.”55 Plaintiffs and Class members “faced delays, cancellations
`
`and problems checking in as airports and airlines” were ground to a halt by the CrowdStrike
`
`Outage.56
`
`62.
`
`According to the Federal Aviation Administration, “several U.S. carriers, including
`
`American Airlines, United Airlines, and Delta Air Lines, issued ground stops for all their flights
`
`early on” Friday, July 19, 2024, due to the CrowdStrike Outage.57 By approximately 8:40 PM ET
`
`on Friday, July 19, 2024, over 3,000 flights had been canceled and over 11,000 flights had been
`
`
`54 Zach Wichter et al., 2,600+ US flights canceled: United, American Airlines resume service
`after global outage, USA Today (July 19, 2024 5:18 PM),
`https://www.usatoday.com/story/travel/news/2024/07/19/global-it-outage-flights-canceled-
`delayed/74466125007/.
`55 Zach Wichter et al., 1,600+ US flights canceled Saturday: United, Delta still working to
`recover from outage, USA TODAY (July 20, 2024 9:02 AM),
`https://www.usatoday.com/story/travel/airline-news/2024/07/20/flight-canceled-delta-
`united/74481266007/.
`56 Wichter et al., supra note 54.
`57 See id.
`
`16
`
`

`

`Case 1:24-cv-00881-RP Document 1 Filed 08/05/24 Page 17 of 27
`
`delayed.5

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket