UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF TEXAS
AUSTIN DIVISION

CHRISTOPHER HARLAN and SARA HARLAN,

Plaintiffs,

v.

CROWDSTRIKE HOLDINGS, INC., and CROWDSTRIKE, INC.,

Defendants

Civil Action No. ____________________

CLASS ACTION

DEMAND FOR JURY TRIAL

CLASS ACTION COMPLAINT

I. INTRODUCTION

1. Many large businesses, like major airlines, and government agencies use software from CrowdStrike Holdings, Inc. and CrowdStrike, Inc. (collectively, “CrowdStrike”), one of the largest cybersecurity companies, to keep their many computer terminals secure from hackers. CrowdStrike attaches deeply within the Windows operating system to anticipate innovative hackers, but that deep-level attachment also gives CrowdStrike greater ability to trigger a computer failure.1

2. CrowdStrike’s executives knew their design involved the operating system and knew its many airline customers would have difficulty repairing numerous blue failure screens on all their terminals and kiosks.2 CrowdStrike’s CEO told investors its many airline customers “don’t want to send out an IT person to go fix a kiosk that has a Microsoft blue screen,” so the airlines should exclusively use CrowdStrike’s Falcon security platform.3 CrowdStrike also knew that it pushed updates out nearly simultaneously to all of its customers and all of their computer networks, which, as its prior experiences showed, could crash computers that would get stuck trying repetitively but unsuccessfully to reboot.

1 Joseph Menn and Aaron Gregg, CrowdStrike Blames Global IT Outage on Bug in Checking Updates, THE WASHINGTON POST (July 24, 2024), https://www.washingtonpost.com/business/2024/07/24/crowdstrike-microsoft-crash-bug-report/ (accessed July 31, 2024).

1:24-cv-00954

Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 2 of 33

3. Despite that knowledge, early on Friday, July 29, 2024, CrowdStrike pushed out an ill-designed and poorly tested update to its Falcon software, causing the largest computer outage in history (the “CrowdStrike Outage”). Delta Airlines especially relied on CrowdStrike for its many Windows computers and terminals.

4. As a result of the Outage, thousands of Delta’s computers crashed and had to be manually rebooted. Delta could not even locate many of its flight crews because that information was in the computers. As a direct result of CrowdStrike’s knowing negligence, Delta had to cancel thousands of flights, stranding, and confounding the travel of, thousands of travelers that Delta had promised to deliver on time to their destinations, destroying the value of many events for which customers had paid, and collectively costing these travelers millions of dollars. But for the failures and harms caused by CrowdStrike, which were foreseeable, Plaintiffs and Class Members would not have been damaged.

2 The “blue screen of death” appears on Windows computer screens when a critical error (or “stop error”) has caused the Windows operating system to crash, often indicating an error in the operating system’s deeper levels. Davey Winder, Blue Screen of Death—Microsoft Says Turn It Off And On Again And Again And Again, FORBES (July 20, 2024), https://www.forbes.com/sites/daveywinder/2024/07/20/blue-screen-of-death-microsoft-says-turn-it-off-and-on-again-and-again-and-again/ (accessed August 9, 2024).

3 See CrowdStrike Holdings, Inc. (CRWD) Q3 2024 Earnings Call Transcript, SEEKINGALPHA (Nov. 28, 2023), https://seekingalpha.com/article/4654747-crowdstrike-holdings-inc-crwd-q3-2024-earnings-call-transcript (accessed August 1, 2024).

5. Accordingly, Plaintiffs bring this action to redress CrowdStrike’s knowing and careless disruption of Delta’s systems and its promises to its travelers.

II. JURISDICTION AND VENUE

6. This Court has subject matter jurisdiction under the Class Action Fairness Act of 2005 (“CAFA”), 28 U.S.C. §§ 1332(d)(2) and (6) because (i) there are 100 or more class members, (ii) the aggregate amount in controversy exceeds $5,000,000 exclusive of interest and costs, and (iii) the case has minimal diversity because at least one plaintiff and one defendant are citizens of different states.

7. Venue is also proper in this judicial district under 28 U.S.C. § 1391 because Defendant transacts substantial business here. On information and belief, CrowdStrike supplied software to Delta for computer equipment operating in this district and therefore received revenue and profits from its subscriptions in this district. The Austin, Texas, airport was among the airports where the CrowdStrike Outage affected Delta flights.4

8. This Court has personal jurisdiction over CrowdStrike by virtue of its transactions, business presence, and business conducted in this judicial district. Defendant CrowdStrike has transacted and done business and committed knowing negligence and interfered with contracts in this judicial district by pushing its defective software update to computers in this State and violated common law negligence doctrine in this State and district.

4 Rachel Royster, Austin Air Travel Affected by CrowdStrike Outage; CapMetro Public Transit Back on Track, AUSTIN AMERICAN-STATESMAN (July 19, 2024), https://www.statesman.com/story/news/local/2024/07/19/austin-bergstrom-international-airport-cancel-travel-crowdstrike-tech-outage-capmetro-public-transit/74470631007/ (accessed August 9, 2024).

III. PARTIES

9. Plaintiff Christopher Harlan is a citizen of Iowa and resides in Urbandale, Iowa.

10. Plaintiff Sara Harlan is a citizen of Iowa and resides in Urbandale, Iowa. Sara Harlan and Christopher Harlan are married and are sometimes referred to collectively as “Plaintiffs.”

11. Plaintiffs purchased airline tickets to return from their vacation in the Dominican Republic to Atlanta, Georgia, and then to fly on Delta from Atlanta home to the Des Moines, Iowa, airport on July 22, 2024. As a result of the CrowdStrike Outage, Delta canceled Plaintiffs’ flight from Atlanta to get home.

12. Plaintiffs each spent time booking replacement flights home, only to find replacement flights were canceled, sometimes after multiple delays. One flight was from Atlanta to Omaha, Nebraska, so Plaintiff Christopher Harlan booked a rental car to drive from Omaha to Des Moines. The flight to Omaha was also delayed and then canceled.

13. Plaintiff Sara Harlan booked a hotel room in Atlanta for the rest of the night of July 22, 2024, using their joint credit card. Plaintiffs took an Uber ride to the hotel, leaving the airport after midnight. At the hotel, they had to wait an hour to check in, finally getting to their room around 2:30 a.m. Their hotel room cost $139.60. They also incurred an Uber ride back to the airport. Their Uber rides to and from the airport cost $35.04.

14. Plaintiffs finally boarded a flight that traveled on July 23, 2024, and they arrived in Des Moines on that date. In Iowa, Plaintiffs paid for extra parking at the airport and for an extra day of house-sitting.

15. As a result of the CrowdStrike Outage and Plaintiffs’ delayed flights, they incurred out-of-pocket expenses that would not otherwise have been required. His additional expenses included food at the airport on July 22 and 23, 2024, a night at the hotel, Uber rides to and from the hotel, and additional parking and house-sitting.

16. CrowdStrike Holdings, Inc., is incorporated in Delaware. CrowdStrike started in Sunnyvale, California, in Silicon Valley, but designated Austin, Texas, as its headquarters in 2021. CrowdStrike Holdings controls its subsidiaries and conducts its business through subsidiaries acting as its agents, including CrowdStrike, Inc.

17. CrowdStrike, Inc., is a Delaware corporation with its principal place of business in Austin, Texas. CrowdStrike, Inc. is a direct subsidiary of CrowdStrike Holdings, Inc. CrowdStrike Holdings, Inc., and CrowdStrike, Inc., are collectively referred to as “CrowdStrike.” CrowdStrike considers its accounting on a consolidated basis and considers itself as one operating and reportable segment.

18. CrowdStrike is a cybersecurity enterprise. CrowdStrike’s primary offering is its Falcon platform. CrowdStrike has over 8,400 employees, collected over $23 billion in 2023 revenue, and serves about 29,000 customers, including many Fortune 500 airlines and other companies.

IV. FACTUAL ALLEGATIONS

19. With a $77.4 billion 2024 market valuation, CrowdStrike is the second-largest global cybersecurity company. Palo Alto Networks has the largest market capitalization. Other large cybersecurity companies include Fortinet, Cloudflare, Zscaler, Check Point Software, Leidos, Okta, Akamai, and Gen Digital.5 Corporate business antivirus tools differ from consumer antivirus products in that business tools protect a network of devices within an organization. Business security tools are referred to as endpoint security “because they protect multiple devices under a single network, and these devices are called endpoints.”6

A. CrowdStrike Falcon and Endpoint Security Protection Software.

20. Consumer antivirus products tend to be reactive and focus on preventing known malware from infecting that device. Each device requires a separate software installation. Consumer antivirus software scans devices for signatures associated with malware and compares them to databases of known malware signatures that the antivirus companies maintain.7

21. Business endpoint cyber-security software is more proactive in preventing attacks from occurring. Those programs “usually employ artificial intelligence and machine learning to detect threats whose signatures may not be known.” The artificial intelligence may be used to “identify threat patterns and stop them before they can cause issues.”8

22. Revenue for the global endpoint security market is forecast to grow from $16.25 billion in 2024 to $36.59 billion in 2028.9

5 Statista Report, COMPANIES & PRODUCTS—CROWDSTRIKE at 7 (2024).

6 Benedict Collins, Best Endpoint Protection Software of 2024, TECHRADAR PRO (June 26, 2024), https://www.techradar.com/news/best-endpoint-security-software (accessed August 1, 2024).

7 Id.

8 Id.

9 Forecast Revenue from Endpoint Security Market Worldwide From 2024 to 2028, STATISTA (2024), https://www.statista.com/statistics/497965/endpoint-security-market/ (accessed August 1, 2024).

23. CrowdStrike’s cyber-security solutions include endpoint protection, threat intelligence, incident response, and endpoint detection and response.10 CrowdStrike’s customers include government agencies and multinational corporations in several industries including airlines, banks, hospitals, and telecommunications firms.11 CrowdStrike’s subscription revenue grew from $219.4 million in 2019 to $2.11 billion in 2023, considerably surpassing its professional services revenue.12 Accordingly, CrowdStrike knew most of its work was for ongoing customers such as Delta Airlines.

[Figure: CrowdStrike Segment Revenue (in $US millions), 2019 to 2023. Series: Subscription; Professional Services.]

10 CrowdStrike Inc – Company Profile, GLOBALDATA, https://www.globaldata.com/company-profile/crowdstrike-inc/ (accessed July 25, 2024).

11 Adam Satariano, Paul Mozur, Kate Conger and Sheera Frenkel, Chaos and Confusion: Tech Outage Causes Disruptions Worldwide, NEW YORK TIMES (July 19, 2024), https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html (accessed July 24, 2024).

12 Statista Report, COMPANIES & PRODUCTS—CROWDSTRIKE, supra, at 10.

24. CrowdStrike’s flagship service is its Falcon software platform, which is said to use machine learning and other artificial intelligence to detect, prevent, and respond to cyber-security threats. CrowdStrike claims Falcon’s key advantage is its ability to keep up with threats through rapid innovation. CrowdStrike claims its platform collects data to identify hackers’ shifting tactics and continuously improves to keep customers ahead of attackers’ newest approaches.

25. CrowdStrike’s Falcon software, like other security platforms, attaches to Microsoft Windows deeply within the Windows operating system.13 CrowdStrike regularly updates the platform in at least two ways. First, “Sensor Content” updates directly affect Falcon’s sensor. Second, “Rapid Response Content” updates adjust how those sensors behave in trying to detect threats.

B. The Global CrowdStrike Outage.

26. Shortly after midnight Eastern time on the morning of July 19, 2024, CrowdStrike pushed out a defective update for its Falcon platform. CrowdStrike intended the update to provide what it calls Rapid Response Content to its sensor malware detection component.

27. Because Falcon is an endpoint system, CrowdStrike pushed the update simultaneously to thousands of separate computer endpoints—likely to most computer terminals in Delta’s computer network, as well as to each endpoint in thousands of other computer networks that CrowdStrike services.

28. CrowdStrike included a defective data file in the update it sent to the detection unit’s Content Interpreter. The defect caused an out-of-bounds exception in the Windows software. At Windows’ deeper level of the operating system, crashes can more readily spread across the operating system than at the more surface level at which users’ visible programs normally operate.

13 Menn and Gregg, supra.

29. CrowdStrike’s defect and its out-of-bounds exception caused many of these computer endpoints to crash.

30. CrowdStrike attempted to roll back its defective update at 1:27 a.m. Eastern time, but by then it had already affected millions of computers on numerous networks.14

31. Because of the computer system crashes, users’ computers greeted them with Windows’ blue warning screen, often called the Blue Screen of Death.

32. CrowdStrike’s defective update further caused affected computers to shut down and endlessly, but unsuccessfully, attempt to reboot, sometimes called a “doom loop.”

33. The nature of these operating system crashes meant that each endpoint required manual intervention to restart.

34. Accounts referred to the problems as “cascading instantly.” A hospital operator’s Chief Information Officer said 15,000 of its servers went down affecting 40,000 of its 150,000 computers.15

35. CrowdStrike’s defective Falcon update caused what has been described as the largest Information Technology (IT) outage in history, crashing millions of computers. Major airlines requested a “global ground stop” from the Federal Aviation Administration.16 The outage disrupted airlines, train networks, hospitals, and television stations.17

14 Brian Fung, We Finally Know What Caused the Global Tech Outage – and How Much it Cost, CNN BUSINESS (July 24, 2024), https://www.cnn.com/2024/07/24/tech/crowdstrike-outage-cost-cause/index.html (accessed July 25, 2024).

15 Adam Satariano, Paul Mozur, Kate Conger and Sheera Frenkel, Chaos and Confusion: Tech Outage Causes Disruptions Worldwide, NEW YORK TIMES (July 19, 2024), https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html (accessed July 24, 2024) (including hospital system); Fung, supra; Tom Warren, CrowdStrike Blames Test Software for Taking Down 8.5 Million Windows Machines, THE VERGE (July 24, 2024), https://www.theverge.com/2024/7/24/24205020/crowdstrike-test-software-bug-windows-bsod-issue (accessed July 25, 2024).

36. A letter from two leaders of Congress’ Homeland Security Committee, Mark Green and Andrew Garbarino, to CrowdStrike’s CEO stated, “[i]n less than one day, we have seen major impacts to key functions of the global economy, including aviation, healthcare, banking, media, and emergency services.”18 Numerous Fortune 500 companies use CrowdStrike products. An insurance firm estimated that the healthcare and banking industries were especially affected, with Fortune 500 airlines next behind them. The outage may have cost Fortune 500 companies as much as $5.4 billion, with Fortune 500 airlines losing a collective $860 million.19

C. CrowdStrike’s Outage Harmed Delta Airlines and Its Customers.

37. Among the airlines, the CrowdStrike Outage hit Delta Airlines especially hard. Delta canceled more than 5,000 flights between the start of the outage on early July 19, 2024, and July 25, 2024, when Delta’s flights reportedly resumed. The outage disabled Delta’s crew-tracking system, preventing it from locating pilots and flight attendants to reschedule flights. Even after Delta got its systems running again, the crew tracking system remained dysfunctional and overloaded.

16 Letter from Congress Members Mark Green, M.D. and Andrew Garbarino to George Kurtz, CEO of CrowdStrike Holdings, Inc., Austin, TX (July 22, 2024).

17 Eshe Nelson and Danielle Kaye, What We Know About the Global Microsoft Outage, NEW YORK TIMES (July 19, 2024), https://www.nytimes.com/2024/07/19/technology/microsoft-crowdstrike-outage-what-happened.html (accessed July 24, 2024).

18 Letter from Congress Members Green and Garbarino.

19 Fung, supra.

38. The CrowdStrike Outage shut down more than 37,000 Delta computers and affected over 1.3 million Delta customers.20

39. Delta’s Chief Information Officer said in a video to employees that Delta had to manually repair over 1,500 systems that had gone offline in a time-consuming restart process.21

40. An early estimate stated CrowdStrike’s Outage required Delta to manually restart 40,000 affected computer servers.22 CrowdStrike referred Delta to CrowdStrike’s remediation website, which instructed Delta to manually reboot every affected machine.23 Delta’s CEO Ed Bastian later said not all its servers came back “the way they left when they went off.”24

41. Bastian stated Delta especially relied on CrowdStrike, so it was difficult to decouple it from the Windows operating system. He stated, referring to CrowdStrike, “You can’t come into a mission critical 24/7 operation and tell us we have a bug.” He added the outage cost Delta half a billion dollars, including lost revenue and tens of millions of dollars a day for hotel costs and other customer compensation.25 Delta’s counsel stated Delta’s backup systems also relied on CrowdStrike.26

20 Letter from David Boies to Michael Carlinsky at 1 (Aug. 8, 2024).

21 Gareth Vipers and James Rundle, CrowdStrike Explains What Went Wrong Days After Global Tech Outage, WALL ST. J. (July 24, 2024), https://www.wsj.com/articles/crowdstrike-software-bug-global-tech-outage-96a9c937?mod=tech_lead_pos3 (accessed July 25, 2024).

22 Roberto Torres, ed., Delta Grapples with $500M in CrowdStrike Outage Costs, CIO DIVE (July 31, 2024), https://www.ciodive.com/news/delta-crowdstrike-outage-costs/722970/ (accessed July 31, 2024). Similarly, United Airlines manually rebooted over 26,000 computers. Id.

23 Letter from David Boies to Michael Carlinsky at 2.

24 Kelly Yamanouchi, Delta CEO: CrowdStrike Outage Cost Airline ‘Half a Billion Dollars’, THE ATLANTA JOURNAL-CONSTITUTION (July 31, 2024).

25 Id.

26 Letter from David Boies to Michael Carlinsky at 3.

42. Delta’s customers continued to suffer the effects of the outage for days after other airlines resumed normal operations. An estimated half a million customers were left waiting for hours in crowded airports while flights were repeatedly delayed only to be eventually canceled.27 Customers unable to access Delta’s website spent hours in line or on the phone to be booked on other flights that were also canceled. Others resorted to booking on other airlines or renting cars, frequently without luggage that arrived at their destination without them.28

43. Delta’s efforts to compensate customers only cover a portion of the costs incurred as a direct result of the CrowdStrike Outage. Delta’s offer to reimburse out-of-pocket expenses such as hotel rooms, meals, and ground transportation is limited to largely undefined “reasonable costs.” Reimbursement for flights booked on other airlines is limited to “the same cabin of service or lower” regardless of the availability of these seats.29

44. Delta’s definition of “reasonable costs” expressly does not include “prepaid expenses, including but not limited to hotel reservations at the customer’s destination, vacation experiences, lost wages, concerts or other tickets.”30 This policy leaves Delta’s customers with hundreds or thousands of dollars of nonrefundable expenses during what the Transportation Security Administration projected to be the busiest travel season in history,31 and CNN stated was Delta’s “busiest travel period of the summer.”32 Many of those lost experiences, such as missed weddings, concerts, or tightly-scheduled vacations, cannot be rescheduled.33

27 Chris Isidore, Isabel Rosales, and Amanda Musa, Delta is still melting down. It could last all week, CNN (July 24, 2024), https://www.cnn.com/2024/07/23/business/delta-flight-cancellations/index.html (accessed Aug. 4, 2024).

28 Susan Tompor, Delta customers lost time, money. How to file claims, complaints, USA TODAY (July 26, 2024), https://www.usatoday.com/story/travel/columnist/2024/07/26/how-delta-airlines-passengers-can-file-claims/74555651007/ (accessed Aug. 4, 2024).

29 Staff Writer, What Delta is doing to make things right for customers impacted by CrowdStrike disruption, DELTA NEWS HUB (July 26, 2024), https://news.delta.com/what-delta-doing-make-things-right-customers-impacted-crowdstrike-disruption (accessed Aug. 4, 2024).

30 DELTA NEWS HUB, supra.

45. “Reasonable costs” also do not cover the hours customers spent waiting for eventually canceled flights, making alternative travel plans, on the phone with Delta customer service, recovering luggage, or gathering and submitting the documentation needed to receive what reimbursement Delta is offering.34

D. CrowdStrike Foresaw the Outage and Its Impact.

46. CrowdStrike told its investors (and therefore likely told its customers) that its technology was validated, tested, and certified. However, CrowdStrike had instituted deficient controls for testing updates to Falcon before rolling the updates out to customers. CrowdStrike’s inadequate testing created a substantial risk that an update to Falcon could cause major outages for a significant number of CrowdStrike’s customers.

47. CrowdStrike executives were aware of the difficulty of an airline trying to manually reset numerous devices on a large business’s network. In a conference call with investors and investment analysts on November 28, 2023, CrowdStrike’s CEO Greg Kurtz stated that CrowdStrike has “many airlines that use our technology.” He added, “[t]hey don’t want to send out an IT person to go fix a kiosk that has a Microsoft blue screen.” His solution was that they could pay CrowdStrike to use Falcon for IT.35 Earlier in those remarks he expressed gratitude for customers who trusted CrowdStrike “as their cyber security platform consolidator for the AI era[.]” (emphasis added). He stated, “[f]rom hygiene to patching, Falcon for IT lets customers consolidate multiple use cases and replace legacy products with our single agent architecture.”36 But such consolidation and “single agent architecture” as CrowdStrike advocated meant that if its single agent erred, the architecture could disrupt an entire enterprise network, as CrowdStrike executives reasonably must have known.

31 Teodora Mitov, TSA projects busiest travel season in history this summer, NEWSNATION (June 12, 2024), https://www.newsnationnow.com/travel/tsa-summer-travel-season/ (accessed Aug. 4, 2024).

32 Isidore et al., supra.

33 See Samantha Iacia, When Is Wedding Season? Here Are the Most Popular Wedding Months, THE KNOT (Mar. 19, 2024), https://www.theknot.com/content/is-there-an-off-season-for-weddings (accessed Aug. 4, 2024) (25% of couples were married between June and August 2023); Lester Fabian Brathwaite, Your guide to 2024's biggest music tours, ENTERTAINMENT WEEKLY (July 19, 2024) (accessed Aug. 4, 2024).

34 Tompor, supra.

48. CrowdStrike executives knew or must have known from personal and company experience about the difficulties that a flawed network update could cause. CrowdStrike’s current CEO George Kurtz served as a customer-facing Field Chief Technology Officer at McAfee from 2009 to 2011. In 2010, McAfee released a flawed security software update that mistakenly misidentified a critical Windows file as a virus. In an “eerily similar” incident, McAfee’s error crashed millions of computers and got them stuck in reboot loops. As in the CrowdStrike Outage, the only fix for McAfee’s error was manual intervention, and the problem created chaos for numerous businesses and computer users.37

49. More recently, in April [2024], CrowdStrike pushed a software update to customers running on the Linux operating system that also crashed computers. That outage took CrowdStrike nearly five days to resolve. CrowdStrike promised those customers that it would improve its testing process going forward.38

35 CrowdStrike Holdings, Inc. (CRWD) Q3 2024 Earnings Call Transcript, supra.

36 Id.

37 Adrian Volenik, CrowdStrike CEO Was Working For McAfee in 2010 When There Was A Global Tech Outage Too, YAHOO! FINANCE (July 25, 2024), https://finance.yahoo.com/news/crowdstrike-ceo-involved-another-global-200015346.html (accessed August 1, 2024).

50. Accordingly, CrowdStrike knew its Falcon system concentrated security efforts into a “single agent architecture” that expanded the chaos its software error could cause, that a software error could crash and trap millions of computers in reboot loops, that it had problems with testing updates, and that in the event of an update error, its many airline customers could have problems manually rebooting numerous individual endpoints facing the blue Windows failure screen.

E. Reasonable Precautions Would Have Prevented or Limited the Outage and Its Impact.

51. CrowdStrike reportedly conducts some testing of its software updates but fell short of a reasonable software provider’s conduct in preparing and pushing out the defective Falcon update that caused the CrowdStrike Outage. CrowdStrike admitted it had a “bug” in its testing system. The bug reportedly resided in part of the validation system that runs validation checks on new updates before their release. This failure allowed the software update to be pushed out despite containing “problematic content data.”39

52. CrowdStrike reportedly assumed its system would work because it had been used in a March [2024] deployment.40 But given the worldwide deployment and the potential for mischief, such an assumption about CrowdStrike’s systems proved unwise and unwarranted. Former senior White House National Security Council director Steve Kelly called it “alarming when patches and updates that are intended for systems that have true operational impact are not tested and validated before going into production.”41

38 Adam Satariano, Paul Mozur, Kate Conger and Sheera Frenkel, Chaos and Confusion: Tech Outage Causes Disruptions Worldwide, NEW YORK TIMES (July 19, 2024), https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html (accessed July 24, 2024).

39 Fung, supra; Vipers and Rundle, supra.

40 Warren, supra.

53. In addition to monitoring and testing its testing system, reasonable efforts to test the update and stage its distribution would have avoided or considerably limited the CrowdStrike Outage. For example, the update should have been sent to a single test computer or network of Windows computers in a quarantined system and that system should have been tried and tested with the update.42

54. Similarly, CrowdStrike should have pushed out its update sequentially so it could better observe the update’s effects before sending it out to the next network. Such a staged or sequential issuance would at least have limited the global effects of the update and its outage. In a staggered deployment strategy, the company initially releases updates to a small group of computers, and then availability is slowly expanded once it becomes clear the update has not caused major problems.

55. Since the CrowdStrike Outage, CrowdStrike has promised to improve its testing to prevent similar outages. As summarized in online technology magazine THE VERGE,

To prevent this from happening again, CrowdStrike is promising to improve its Rapid Response Content testing by using local developer testing, content update and rollback testing, alongside stress testing, fuzzing, and fault injection. CrowdStrike will also perform stability testing and content interface testing on Rapid Response Content.43

41 Joseph Menn and Aaron Gregg, CrowdStrike Blames Global IT Outage on Bug in Checking Updates, THE WASHINGTON POST (July 24, 2024), https://www.washingtonpost.com/business/2024/07/24/crowdstrike-microsoft-crash-bug-report/ (accessed July 31, 2024).

42 Vipers and Rundle, supra (quoting former McAfee executive); Menn and Gregg, supra (some security experts said they were appalled to learn “that CrowdStrike had not first deployed the update to a full-fledged computer running Windows and then rolled it out gradually, so that any mistake would have been detected before it disabled computers around the world.”).

56. Since the Outage, CrowdStrike has stated it would improve monitoring of its system and sensor performance and would help guide a “phased rollout.” CrowdStrike has also stated it will in the future give customers more control over when Rapid Response Content updates are deployed so hazardous updates do not necessarily hit all of everyone’s computers when workers and IT departments are off duty (e.g., around midnight).44 These concessions show that CrowdStrike had control over the update and that different procedures were feasible before the CrowdStrike Outage, and would have avoided or limited the extent of the Outage.

57. On August 10, 2024, CrowdStrike’s president accepted the Pwnie [sic] computer award for the “most epic fail.” He stated he was there “[b]ecause we got this horribly wrong, we’ve said this a number of times, and it’s super important to own it when you do things well, it’s super important to own it when you do things horribly wrong.”45

V. CLASS ALLEGATIONS

58. Plaintiffs bring this nationwide class action on behalf of themselves and on behalf of others similarly situated pursuant to Rule 23(b)(3) and 23(c)(4) of the Federal Rules of Civil Procedure.

43 Warren, supra.

44 Andrew Cunningham, CrowdStrike Blames Testing Bugs f