throbber
Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 1 of 33
`
`UNITED STATES DISTRICT COURT
`WESTERN DISTRICT OF TEXAS
`AUSTIN DIVISION
`
`
`
`Civil Action No. ____________________
`
`
`CLASS ACTION
`
`DEMAND FOR JURY TRIAL
`
`
`CHRISTOPHER HARLAN and SARA
`HARLAN,
`
`Plaintiffs,
`
`v.
`
`CROWDSTRIKE HOLDINGS, INC., and
`CROWDSTRIKE, INC.,
`
`Defendants
`
`
`
`
`I.
`
`INTRODUCTION
`
`CLASS ACTION COMPLAINT
`
`1.
`
`Many large businesses, like major airlines, and government agencies use software
`
`from CrowdStrike Holdings, Inc. and CrowdStrike, Inc. (collectively, “CrowdStrike”), one of the
`
`largest cybersecurity companies, to keep their many computer terminals secure from hackers.
`
`CrowdStrike attaches deeply within the Windows operating system to anticipate innovative
`
`hackers, but that deep-level attachment also gives CrowdStrike greater ability to trigger a computer
`
`failure.1
`
`2.
`
`CrowdStrike’s executives knew their design involved the operating system and
`
`knew its many airline customers would have difficulty repairing numerous blue failure screens on
`
`
`
`1 Joseph Menn and Aaron Gregg, CrowdStrike Blames Global IT Outage on Bug in Checking
`Updates,
`THE
`WASHINGTON
`POST
`(July
`24,
`2024),
`https://www.washingtonpost.com/business/2024/07/24/crowdstrike-microsoft-crash-bug-report/
`(accessed July 31, 2024)
`
`1
`
`
`1:24-cv-00954
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 2 of 33
`
`all their terminals and kiosks.2 CrowdStrike’s CEO told investors its many airline customers
`
`“don’t want to send out an IT person to go fix a kiosk that has a Microsoft blue screen,” so the
`
`airlines should exclusively use CrowdStrike’s Falcon security platform.3 CrowdStrike also knew
`
`that it pushed updates out nearly simultaneously to all of its customers and all of their computer
`
`networks, which, as its prior experiences showed, could crash computers that would get stuck
`
`trying repetitively but unsuccessfully to reboot.
`
`3.
`
`Despite that knowledge, early on Friday, July 29, 2024, CrowdStrike pushed out an
`
`ill-designed and poorly tested update to its Falcon software, causing the largest computer outage
`
`in history (the “CrowdStrike Outage”). Delta Airlines especially relied on CrowdStrike for its
`
`many Windows computers and terminals.
`
`4.
`
`As a result of the Outage, thousands of Delta’s computers crashed and had to be
`
`manually rebooted. Delta could not even locate many of its flight crews because that information
`
`was in the computers. As a direct result of CrowdStrike’s knowing negligence, Delta had to cancel
`
`thousands of flights, stranding, and confounding the travel of, thousands of travelers that Delta had
`
`promised to deliver on time to their destinations, destroying the value of many events for which
`
`customers had paid, and collectively costing these travelers millions of dollars. But for the failures
`
`
`
`2 The “blue screen of death” appears on Windows computer screens when a critical error (or “stop
`error”) has caused the Windows operating system to crash, often indicating an error in the operating
`system’s deeper levels. Davey Winder, Blue Screen of Death—Microsoft Says Turn It Off And On
`Again
`And
`Again
`And
`Again,
`FORBES
`(July
`20,
`2024),
`https://www.forbes.com/sites/daveywinder/2024/07/20/blue-screen-of-death-microsoft-says-turn-
`it-off-and-on-again-and-again-and-again/ (accessed August 9, 2024).
`
`3 See CrowdStrike Holdings, Inc. (CRWD) Q3 2024 Earnings Call Transcript, SEEKINGALPHA
`(Nov. 28, 2023), https://seekingalpha.com/article/4654747-crowdstrike-holdings-inc-crwd-q3-
`2024-earnings-call-transcript (accessed August 1, 2024).
`
`2
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 3 of 33
`
`and harms caused by CrowdStrike, which were foreseeable, Plaintiffs and Class Members would
`
`not have been damaged.
`
`5.
`
`Accordingly, Plaintiffs bring this action to redress the CrowdStrike’s knowing and
`
`careless disruption of Delta’s systems and its promises to its travelers.
`
`II.
`
`JURISDICTION AND VENUE
`
`6.
`
`This Court has subject matter jurisdiction under the Class Action Fairness Act of
`
`2005 (“CAFA”), 28 U.S.C. §§ 1332(d)(2) and (6) because (i) there are 100 or more class members,
`
`(ii) the aggregate amount in controversy exceeds $5,000,000 exclusive of interest and costs, and
`
`(iii) the case has minimal diversity because at least one plaintiff and one defendant are citizens of
`
`different states.
`
`7.
`
`Venue is also proper in this judicial district under 28 U.S.C. § 1391 because
`
`Defendant transacts substantial business here. On information and belief, CrowdStrike supplied
`
`software to Delta for computer equipment operating in this district and therefore received revenue
`
`and profits from its subscriptions in this district. The Austin, Texas, airport was among the airports
`
`where the CrowdStrike Outage affected Delta flights.4
`
`8.
`
`This Court has personal jurisdiction over CrowdStrike by virtue of its transactions,
`
`business presence, and business conducted in this judicial district. Defendant CrowdStrike has
`
`transacted and done business and committed knowing negligence and interfered with contracts in
`
`
`
`4 Rachel Royster, Austin Air Travel Affected by CrowdStrike Outage; CapMetro Public Transit
`Back
`on
`Track,
`AUSTIN-AMERICAN
`STATESMAN
`(July
`19,
`2024),
`https://www.statesman.com/story/news/local/2024/07/19/austin-bergstrom-international-airport-
`cancel-travel-crowdstrike-tech-outage-capmetro-public-transit/74470631007/ (accessed August 9,
`2024).
`
`3
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 4 of 33
`
`this judicial district by pushing its defective software update to computers in this State and violated
`
`common law negligence doctrine in this State and district.
`
`III.
`
`PARTIES
`
`9.
`
`Plaintiff Christopher Harlan is a citizen of Iowa and resides in Urbandale, Iowa.
`
`10.
`
`Plaintiff Sara Harlan is a citizen of Iowa and resides in Urbandale, Iowa. Sara
`
`Harlan and Christopher Harlan are married and are sometimes referred to collectively as
`
`“Plaintiffs.”
`
`11.
`
` Plaintiffs purchased airline tickets for to return from their vacation in the
`
`Dominican Republic to Atlanta, Georgia, and then to fly on Delta from Atlanta home to the Des
`
`Moines, Iowa, airport on July 22, 2024. As a result of the CrowdStrike Outage, Delta canceled
`
`Plaintiffs’ flight from Atlanta to get home.
`
`12.
`
`Plaintiffs each spent time booking replacement flights home, only to find
`
`replacement flights were canceled, sometimes after multiple delays. One flight was from Atlanta
`
`to Omaha, Nebraska, so Plaintiff Christopher Harlan booked a rental car to drive from Omaha to
`
`Des Moines. The flight to Omaha was also delayed and then canceled.
`
`13.
`
`Plaintiff Sara Harlan booked a hotel room in Atlanta for the rest of the night of July
`
`22, 2024, using their joint credit card. Plaintiffs took an Uber ride to the hotel, leaving the airport
`
`after midnight. At the hotel, they had to wait an hour to check in, finally getting to their room
`
`around 2:30 a.m. Their hotel room cost $139.60. They also incurred an Uber ride back to the
`
`airport. Their Uber rides to and from the airport cost $35.04.
`
`14.
`
`Plaintiffs finally boarded a flight that traveled on July 23, 2024, and they arrived in
`
`Des Moines on that date. In Iowa, Plaintiffs paid for extra parking at the airport and for an extra
`
`day of house-sitting.
`
`4
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 5 of 33
`
`15.
`
`As a result of the CrowdStrike Outage and Plaintiffs’ delayed flights, they incurred
`
`out-of-pocket expenses that would not otherwise have been required. His additional expenses
`
`included food at the airport on July 22 and 23, 2024, a night at the hotel, Uber rides to and from
`
`the hotel, and additional parking and house-sitting.
`
`16.
`
`CrowdStrike Holdings, Inc., is incorporated in Delaware. CrowdStrike started in
`
`Sunnyvale, California, in Silicon Valley, but designated Austin, Texas, as its headquarters in 2021.
`
`CrowdStrike Holdings controls its subsidiaries and conducts its business through subsidiaries
`
`acting as its agents, including CrowdStrike, Inc.
`
`17.
`
`CrowdStrike, Inc., is a Delaware corporation with its principal place of business in
`
`Austin, Texas. CrowdStrike, Inc. is a direct subsidiary of CrowdStrike Holdings, Inc. CrowdStrike
`
`Holdings, Inc., and CrowdStrike, Inc., are collectively referred to as “CrowdStrike.” CrowdStrike
`
`considers its accounting on a consolidated basis and considers itself as one operating and
`
`reportable segment.
`
`18.
`
`CrowdStrike is a cybersecurity enterprise. CrowdStrike’s primary offering is its
`
`Falcon platform. CrowdStrike has over 8,400 employees, collected over $23 billion in 2023
`
`revenue, and serves about 29,000 customers, including many Fortune 500 airlines and other
`
`companies.
`
`IV.
`
`FACTUAL ALLEGATIONS
`
`19. With a $77.4 billion 2024 market valuation, CrowdStrike is the second-largest
`
`global cybersecurity company. Palo Alto Networks has the largest market capitalization. Other
`
`large cybersecurity companies include Fortinet, Cloudflare, Zscaler, Check Point Software,
`
`5
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 6 of 33
`
`Leidos, Okta, Akami, and Gen Digital.5 Corporate business antivirus tools differ from consumer
`
`antivirus products in that business tools protect a network of devices within an organization.
`
`Business security tools are referred to as endpoint security “because they protect multiple devices
`
`under a single network, and these devices are called endpoints.”6
`
`A.
`
`CrowdStrike Falcon and Endpoint Security Protection Software.
`
`20.
`
`Consumer antivirus products tend to be reactive and focus on preventing known
`
`malware from infecting that device. Each device requires a separate software installation.
`
`Consumer antivirus software scans devices for signatures associated with malware and compares
`
`them to databases of known malware signatures that the antivirus companies maintain.7
`
`21.
`
`Business endpoint cyber-security software is more proactive in preventing attacks
`
`from occurring. Those programs “usually employ artificial intelligence and machine learning to
`
`detect threats whose signatures may not be known.” The artificial intelligence may be used to
`
`“identify threat patterns and stop them before they can cause issues.”8
`
`22.
`
`Revenue for the global endpoint security market is forecast to grow from $16.25
`
`billion in 2024 to $36.59 billion in 2028.9
`
`
`
`5 Statista Report, COMPANIES & PRODUCTS—CROWDSTRIKE at 7 (2024).
`
`6 Benedict Collins, Best Endpoint Protection Software of 2024, TECHRADAR PRO (June 26, 2024),
`https://www.techradar.com/news/best-endpoint-security-software (accessed August 1, 2024).
`
`7 Id.
`
`8 Id.
`
`9 Forecast Revenue from Endpoint Security Market Worldwide Form 2024 to 2028, STATISTA
`(2024), https://www.statista.com/statistics/497965/endpoint-security-market/ (accessed August 1,
`2024).
`
`6
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 7 of 33
`
`23.
`
`CrowdStrike’s cyber-security solutions
`
`include endpoint protection,
`
`threat
`
`intelligence, incident response, and endpoint detection and response.10 CrowdStrike’s customers
`
`include government agencies and multinational corporations in several industries including
`
`airlines, banks, hospitals, and telecommunications firms.11 CrowdStrike’s subscription revenue
`
`grew from $219.4 million in 2019 to $2.11 billion in 2023, considerably surpassing its professional
`
`services revenue.12 Accordingly, CrowdStrike knew most of its work was for ongoing customers
`
`such as Delta Airlines.
`
`CrowdStrike Segment Revenue (in $US millions)
`
`2500
`
`2000
`
`1500
`
`1000
`
`500
`
`0
`
`2023
`
`2022
`
`2021
`
`2020
`
`2019
`
`Subscription
`
`Professional
`Services
`
`2019
`
`2020
`
`2021
`
`2022
`
`2023
`
`
`
`
`
`10 CrowdStrike Inc – Company Profile, GLOBALDATA, https://www.globaldata.com/company-
`profile/crowdstrike-inc/ (accessed July 25, 2024)
`
`11 Adam Satariano, Paul Mozur, Kate Conger and Sheera Frenkel, Chaos and Confusion: Tech
`Outage Causes Disruptions Worldwide, NEW YORK TIMES
`(July
`19,
`2024),
`https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html
`(accessed July 24, 2024)
`
`12 Statista Report, COMPANIES & PRODUCTS—CROWDSTRIKE, supra, at 10.
`
`7
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 8 of 33
`
`24.
`
`CrowdStrike’s flagship service is its Falcon software platform, which is said to use
`
`machine learning and other artificial intelligence to detect, prevent, and respond to cyber-security
`
`threats. CrowdStrike claims Falcon’s key advantage is its ability to keep up with threats through
`
`rapid innovation. CrowdStrike claims its platform collects data to identify hackers’ shifting tactics
`
`and continuously improves to keep customers ahead of attackers’ newest approaches.
`
`25.
`
`CrowdStrike’s Falcon software, like other security platforms, attaches to Microsoft
`
`Windows deeply within the Windows operating system.13 CrowdStrike regularly updates the
`
`platform in at least two ways. First, “Sensor Content” updates directly affect Falcon’s sensor.
`
`Second, “Rapid Response Content” updates adjust how those sensors behave in trying to detect
`
`threats.
`
`B.
`
`The Global CrowdStrike Outage.
`
`26.
`
`Shortly after midnight Eastern time on the morning of July 19, 2024, CrowdStrike
`
`pushed out a defective update for its Falcon platform. CrowdStrike intended the update to provide
`
`what it calls Rapid Response Content to its sensor malware detection component.
`
`27.
`
`Because Falcon is an endpoint system, CrowdStrike pushed the update
`
`simultaneously to thousands of separate computer endpoints—likely to most computer terminals
`
`in Delta’s computer network, as well as to each endpoint in thousands of other computer networks
`
`that CrowdStrike services.
`
`28.
`
`CrowdStrike included a defective data file in the update it sent to the detection
`
`unit’s Content Interpreter. The defect caused an out-of-bounds exception in the Windows software.
`
`13 Menn and Gregg, supra.
`
`
`
`8
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 9 of 33
`
`At Windows’ deeper level of the operating system, crashes can more readily spread across the
`
`operating system than at the more surface level at which user’s visible programs normally operate.
`
`29.
`
`CrowdStrike’s defect and its out-of-bounds exception caused many of these
`
`computer endpoints to crash.
`
`30.
`
`CrowdStrike attempted to roll back its defective update at 1:27 a.m. Eastern time,
`
`but by then it had already affected millions of computers on numerous networks.14
`
`31.
`
`Because of the computer system crashes, users’ computers greeted them with
`
`Windows’ blue warning screen, often called the Blue Screen of Death.
`
`32.
`
`CrowdStrike’s defective update further caused affected computers to shut down and
`
`endlessly, but unsuccessfully, attempt to reboot, sometimes called a “doom loop.”
`
`33.
`
`The nature of these operating system crashes meant that each endpoint required
`
`manual intervention to restart.
`
`34.
`
`Accounts referred to the problems as “cascading instantly.” A hospital operator’s
`
`Chief Information Officer said 15,000 of its servers went down affecting 40,000 of its 150,000
`
`computers.15
`
`35.
`
`CrowdStrike’s defective Falcon update caused what has been described as the
`
`largest Information Technology (IT) outage in history, crashing millions of computers. Major
`
`
`
`14 Brian Fung, We Finally Know What Caused the Global Tech Outage – and How Much it Cost,
`CNN BUSINESS (July 24, 2024), https://www.cnn.com/2024/07/24/tech/crowdstrike-outage-cost-
`cause/index.html (accessed July 25, 2024).
`
`15 Adam Satariano, Paul Mozur, Kate Conger and Sheera Frenkel, Chaos and Confusion: Tech
`Outage Causes Disruptions Worldwide, NEW YORK TIMES
`(July
`19,
`2024),
`https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html
`(accessed July 24, 2024) (including hospital system); Fung, supra; Tom Warren, CrowdStrike
`Blames Test Software for Taking Down 8.5 Million Windows Machines, THE VERGE (July 24,
`2024), https://www.theverge.com/2024/7/24/24205020/crowdstrike-test-software-bug-windows-
`bsod-issue (accessed July 25, 2024).
`
`9
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 10 of 33
`
`airlines requested a “global ground stop” from the Federal Aviation Administration. 16 The outage
`
`disrupted airlines, train networks, hospitals, and television stations.17
`
`36.
`
` A letter from two leaders of Congress’ Homeland Security Committee, Mark Green
`
`and Andrew Garbarino to CrowdStrike’s CEO stated, “[i]n less than one day, we have seen major
`
`impacts to key functions of the global economy, including aviation, healthcare, banking, media,
`
`and emergency services.”18 Numerous Fortune 500 companies use CrowdStrike products. An
`
`insurance firm estimated that the healthcare and banking industries were especially affected, with
`
`Fortune 500 airlines next behind them. The outage may have cost Fortune 500 companies as much
`
`as $5.4 billion, with Fortune 500 airlines losing a collective $860 million.19
`
`C.
`
`CrowdStrike’s Outage Harmed Delta Airlines and Its Customers.
`
`37.
`
`Among the airlines, the CrowdStrike Outage hit Delta Airlines especially hard.
`
`Delta canceled more than 5,000 flights between the start of the outage on early July 19, 2024, and
`
`July 25, 2024, when Delta’s flights reportedly resumed. The outage disabled Delta’s crew-tracking
`
`system, preventing it from locating pilots and flight attendants to reschedule flights. Even after
`
`Delta got its systems running again, the crew tracking system remained dysfunctional and
`
`overloaded.
`
`
`
`16 Letter from Congress Members Mark Green, M.D. and Andrew Garbarino to George Kurtz,
`CEO of CrowdStrike Holdings, Inc., Austin, TX (July 22, 2024).
`
`17 Eshe Nelson and Danielle Kaye, What We Know About the Global Microsoft Outage, NEW YORK
`TIMES (July 19, 2024), https://www.nytimes.com/2024/07/19/technology/microsoft-crowdstrike-
`outage-what-happened.html (accessed July 24, 2024).
`
`18 Letter from Congress Members Green and Garborino.
`
`19 Fung, supra.
`
`10
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 11 of 33
`
`38.
`
`The CrowdStrike Outage shut down more than 37,000 Delta computers and
`
`affected over 1.3 million Delta customers.20
`
`39.
`
`Delta’s Chief Information Officer said in a video to employees that Delta had to
`
`manually repair over 1,500 systems that had gone offline in a time-consuming restart process.21
`
`40.
`
`An early estimate stated CrowdStrike’s Outage required Delta to manually restart
`
`40,000 affected computer servers.22 CrowdStrike referred Delta to CrowdStrike’s remediation
`
`website, which instructed Delta to manually reboot every affected machine.23 Delta’s CEO Ed
`
`Bastian later said not all its servers came back “the way they left when they went off.”24
`
`41.
`
`Bastian stated Delta especially relied on CrowdStrike, so it was difficult to decouple
`
`it from the Windows operating system. He stated, referring to CrowdStrike, “You can’t come into
`
`a mission critical 24/7 operation and tell us we have a bug.” He added the outage cost Delta half
`
`a billion dollars, including lost revenue and tens of millions of dollars a day for hotel costs and
`
`other customer compensation.25 Delta’s counsel stated Delta’s backup systems also relied on
`
`CrowdStrike.26
`
`
`
`20 Letter from David Boies to Michael Carlinsky at 1 (Aug. 8, 2024).
`
`21 Gareth Vipers and James Rundle, CrowdStrike Explains What Went Wrong Days After Global
`Tech Outage, WALL ST. J. (July 24, 2024), https://www.wsj.com/articles/crowdstrike-software-
`bug-global-tech-outage-96a9c937?mod=tech_lead_pos3 (accessed July 25, 2024).
`
`22 Roberto Torres, ed., Delta Grapples with $500M in CrowdStrike Outage Costs, CIO DIVE, (July
`31, 2024), https://www.ciodive.com/news/delta-crowdstrike-outage-costs/722970/ (accessed July
`31, 2024). Similarly, United Airlines manually rebooted over 26,000 computers. Id.
`23 Letter from David Boies to Michael Carlinsky at 2.
`
`24 Kelly Yamanouchi, Delta CEO: CrowdStrike Outage Cost Airline ‘Half a Billion Dollars, THE
`ATLANTA-JOURNAL CONSTITUTION (July 31, 2024).
`
`25 Id.
`26 Letter from David Boies to Michael Carlinsky at 3.
`
`11
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 12 of 33
`
`42.
`
`Delta’s customers continued to suffer the effects of the outage for days after other
`
`airlines resumed normal operations. An estimated half a million customers were left waiting for
`
`hours in crowded airports while flights were repeatedly delayed only to be eventually canceled. 27
`
`Customers unable to access Delta’s website spent hours in line or on the phone to be booked on
`
`other flights that were also canceled. Others resorted to booking on other airlines or renting cars,
`
`frequently without luggage that arrived at their destination without them.28
`
`43.
`
`Delta’s efforts to compensate customers only cover a portion of the costs incurred
`
`as a direct result of the CrowdStrike Outage. Delta’s offer to reimburse out-of-pocket expenses
`
`such as hotel rooms, meals, and ground transportation is limited to largely undefined “reasonable
`
`costs.” Reimbursement for flights booked on other airlines is limited to “the same cabin of service
`
`or lower” regardless of the availability of these seats.29
`
`44.
`
`Delta’s definition of “reasonable costs” expressly does not include “prepaid
`
`expenses, including but not limited to hotel reservations at the customer’s destination, vacation
`
`experiences, lost wages, concerts or other tickets.”30 This policy leaves Delta’s customers with
`
`hundreds or thousands of dollars of nonrefundable expenses during what the Transportation
`
`
`
`27 Chris Isidore, Isabel Rosales, and Amanda Musa, Delta is still melting down. It could last all
`week, CNN
`(July
`24,
`2024),
`https://www.cnn.com/2024/07/23/business/delta-flight-
`cancellations/index.html (accessed Aug. 4, 2024).
`
`28 Susan Tompor, Delta customers lost time, money. How to file claims, complaints, USA TODAY
`(July 26, 2024), https://www.usatoday.com/story/travel/columnist/2024/07/26/how-delta-airlines-
`passengers-can-file-claims/74555651007/ (accessed Aug. 4, 2024).
`
`29 Staff Writer, What Delta is doing to make things right for customers impacted by CrowdStrike
`disruption, DELTA NEWS HUB (July 26, 2024), https://news.delta.com/what-delta-doing-make-
`things-right-customers-impacted-crowdstrike-disruption (accessed Aug. 4, 2024).
`
`30 DELTA NEWS HUB, supra.
`
`12
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 13 of 33
`
`Security Administration projected to be the busiest travel season in history,31 and CNN stated was
`
`Delta’s “busiest travel period of the summer.”32 Many of those lost experiences, such as missed
`
`weddings, concerts, or tightly-scheduled vacations, cannot be rescheduled.33
`
`45.
`
`“Reasonable costs” also do not cover the hours customers spent waiting for
`
`eventually canceled flights, making alternative travel plans, on the phone with Delta customer
`
`service, recovering luggage, or gathering and submitting the documentation needed to receive what
`
`reimbursement Delta is offering.34
`
`D.
`
`CrowdStrike Foresaw the Outage and Its Impact.
`
`46.
`
`CrowdStrike told its investors (and therefore likely told its customers) that its
`
`technology was validated, tested, and certified. However, CrowdStrike had instituted deficient
`
`controls for testing updates to Falcon before rolling the updates out to customers. CrowdStrike’s
`
`inadequate testing created a substantial risk that an update to Falcon could cause major outages for
`
`a significant number of CrowdStrike’s customers.
`
`47.
`
`CrowdStrike executives were aware of the difficulty of an airline trying to manually
`
`reset numerous devices on a large business’s network. In a conference call with investors and
`
`investment analysts on November 28, 2023, CrowdStrike’s CEO Greg Kurtz stated that
`
`
`
`31 Teodora Mitov, TSA projects busiest travel season in history this summer, NEWSNATION (June
`12, 2024), https://www.newsnationnow.com/travel/tsa-summer-travel-season/, (accessed Aug. 4,
`2024).
`32 Isidore et al., supra.
`33 See Samantha Iacia, When Is Wedding Season? Here Are the Most Popular Wedding Months,
`THE KNOT
`(Mar. 19, 2024), https://www.theknot.com/content/is-there-an-off-season-for-
`weddings, (accessed Aug. 4, 2024) (25% of couples were married between June and August 2023);
`Lester Fabian Brathwaite, ENTERTAINMENT WEEKLY (July 19, 2024), Your guide to 2024's biggest
`music tours, (accessed Aug. 4, 2024).
`
`34 Tompor, supra.
`
`13
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 14 of 33
`
`CrowdStrike has “many airlines that use our technology.” He added, “[t]hey don’t want to send
`
`out an IT person to go fix a kiosk that has a Microsoft blue screen.” His solution was that they
`
`could pay CrowdStrike to use Falcon for IT.35 Earlier in those remarks he expressed gratitude for
`
`customers who trusted CrowdStrike “as their cyber security platform consolidator for the AI
`
`era[.]” (emphasis added). He stated, “[f]rom hygiene to patching, Falcon for IT lets customers
`
`consolidate multiple use cases and replace legacy products with our single agent architecture.” 36
`
`But such consolidation and “single agent architecture” as CrowdStrike advocated meant that if its
`
`single agent erred, the architecture could disrupt an entire enterprise network, as CrowdStrike
`
`executives reasonably must have known.
`
`48.
`
`CrowdStrike executives knew or must have known from personal and company
`
`experience about the difficulties that a flawed network update could cause. CrowdStrike’s current
`
`CEO George Kurtz served as a customer-facing Field Chief Technology Officer at McAfee from
`
`2009 to 2011. In 2010, McAfee released a flawed security software update that mistakenly
`
`misidentified a critical Windows file as a virus. In an “eerily similar” incident, McAfee’s error
`
`crashed millions of computers and got them stuck in reboot loops. As in the CrowdStrike Outage,
`
`the only fix for McAfee’s error was manual intervention, and the problem created chaos for
`
`numerous businesses and computer users.37
`
`49. More recently, in April [2024], CrowdStrike pushed a software update to customers
`
`running on the Linux operating system that also crashed computers. That outage took CrowdStrike
`
`
`
`35 CrowdStrike Holdings, Inc. (CRWD) Q3 2024 Earnings Call Transcript, supra.
`
`36 Id.
`
`37 Adrian Volenik, CrowdStrike CEO Was Working For McAfee in 2010 When There Was A Global
`Tech Outage Too, YAHOO!FINANCE, (July 25, 2024), https://finance.yahoo.com/news/crowdstrike-
`ceo-involved-another-global-200015346.html (accessed August 1, 2024).
`
`14
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 15 of 33
`
`nearly five days to resolve. CrowdStrike promised those customers that it would improve its
`
`testing process going forward.38
`
`50.
`
`Accordingly, CrowdStrike knew its Falcon system concentrated security efforts
`
`into a “single agent architecture” that expanded the chaos its software error could cause, that a
`
`software error could crash and trap millions of computers in reboot loops, that it had problems
`
`with testing updates, and that in the event of an update error, its many airline customers could have
`
`problems manually rebooting numerous individual endpoints facing the blue Windows failure
`
`screen.
`
`E.
`
`Reasonable Precautions Would Have Prevented or Limited the Outage and Its
`Impact.
`
`51.
`
`CrowdStrike reportedly conducts some testing of its software updates but fell short
`
`of a reasonable software provider’s conduct in preparing and pushing out the defective Falson
`
`update that caused the CrowdStrike Outage. CrowdStrike admitted it had a “bug” in its testing
`
`system. The bug reportedly resided in part of the validation system that runs validation checks on
`
`new updates before their release. This failure allowed the software update to be pushed out despite
`
`containing “problematic content data.”39
`
`52.
`
`CrowdStrike reportedly assumed its system would work because it had been used
`
`in a March [2024] deployment.40 But given the worldwide deployment and the potential for
`
`mischief, such an assumption about CrowdStrike’s systems proved unwise and unwarranted.
`
`
`
`38 Adam Satariano, Paul Mozur, Kate Conger and Sheera Frenkel, Chaos and Confusion: Tech
`Outage Causes Disruptions Worldwide, NEW YORK TIMES
`(July
`19,
`2024),
`https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html
`(accessed July 24, 2024).
`
`39 Fung, supra; Vipers and Rundle, supra.
`
`40 Warren, supra.
`
`15
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 16 of 33
`
`Former senior White House National Security Council director Steve Kelly called it “alarming
`
`when patches and updates that are intended for systems that have true operational impact are not
`
`tested and validated before going into production.”41
`
`53.
`
`In addition to monitoring and testing its testing system, reasonable efforts to test
`
`the update and stage its distribution would have avoided or considerably limited the CrowdStrike
`
`Outage. For example, the update should have been sent to a single test computer or network of
`
`Windows computers in a quarantined system and that system should have been tried and tested
`
`with the update.42
`
`54.
`
`Similarly, CrowdStrike should have pushed out its update sequentially so it could
`
`better observe the update’s effects before sending it out to the next network. Such a staged or
`
`sequential issuance would at least have limited the global effects of the update and its outage. In
`
`a staggered deployment strategy, the company initially releases updates to a small group of
`
`computers, and then availability is slowly expanded once it becomes clear the update has not
`
`caused major problems.
`
`55.
`
`Since the CrowdStrike Outage, CrowdStrike has promised to improve its testing to
`
`prevent similar outages. As summarized in online technology magazine THE VERGE,
`
`To prevent this from happening again, CrowdStrike is promising to
`improve its Rapid Response Content testing by using local
`developer testing, content update and rollback testing, alongside
`stress testing, fuzzing, and fault injection. CrowdStrike will also
`
`
`
`41 Joseph Menn and Aaron Gregg, CrowdStrike Blames Global IT Outage on Bug in Checking
`Updates,
`THE
`WASHINGTON
`POST
`(July
`24,
`2024),
`https://www.washingtonpost.com/business/2024/07/24/crowdstrike-microsoft-crash-bug-report/
`(accessed July 31, 2024).
`
`42 Vipers and Rundle, supra (quoting former McAfee executive); Menn and Gregg, supra (some
`security experts said they were appalled to learn “that CrowdStrike had not first deployed the
`update to a full-fledged computer running Windows and then rolled it out gradually, so that any
`mistake would have been detected before it disabled computers around the world.”).
`
`16
`
`
`

`

`Case 1:24-cv-00954-RP Document 1 Filed 08/19/24 Page 17 of 33
`
`perform stability testing and content interface testing on Rapid
`Response Content.43
`
`56.
`
`Since the Outage, CrowdStrike has stated it would improve monitoring of its system
`
`and sensor performance and would help guide a “phased rollout.” CrowdStrike has also stated it
`
`will in the future give customers more control over when Rapid Response Content updates are
`
`deployed so hazardous updates do not necessarily hit all of everyone’s computers when workers
`
`and IT departments are off duty (e.g, around midnight).44 These concessions show that
`
`CrowdStrike had control over the update and that different procedures were feasible before the
`
`CrowdStrike Outage, and would have avoided or limited the extent of the Outage.
`
`57.
`
`On August 10, 2024, CrowdStrike’s president accepted the Pwnie [sic] computer
`
`award for the “most epic fail.” He stated he was there “[b]cause we got this horribly wrong, we’ve
`
`said this a number of times, and it’s super important to own it when you do things well, it’s super
`
`important to own it when you do things horribly wrong.”45
`
`V.
`
`CLASS ALLEGATIONS
`
`58.
`
`Plaintiffs bring this nationwide class action on behalf of themselves and on behalf
`
`of others similarly situated pursuant to Rule 23(b)(3) and 23(c)(4) of the Federal Rules of Civil
`
`Procedure.
`
`43 Warren, supra.
`
`
`
`44 Andrew Cunningham, CrowdStrike Blames Testing Bugs f

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket