CrowdStrike Inc. is facing a proposed consumer class action in federal court brought by flight travelers affected by the company’s software outage, which spurred hundreds of flight delays and caused 8.5 million computers to crash.
CrowdStrike failed to “properly develop, test, and deploy” its Falcon cybersecurity software platform update to ensure it didn’t contain serious bugs or invalid data, according to the Aug. 5 proposed class action complaint filed with the US District Court for the Western District of Texas.
Lead plaintiffs Julio Del Rio, Jack Murphy, and Steven Bixby, who claim they faced interrupted travel and inconveniences due to the outage, are bringing the complaint on behalf of themselves and other travelers who suffered alleged injuries and damages, including lost time incurred by delayed and canceled flights, lost time and money spent mitigating effects of the outage, and other claims.
Had CrowdStrike maintained “reasonable” software development, testing, and validation procedures, it would have been able to prevent the July 19 outage from occurring, the suit says.
The Austin-based cybersecurity company failed by not employing “industry-standard practice” to roll out cybersecurity updates gradually before the flawed update hit their user base, the complaint says. “This process would have prevented the global effects of the CrowdStrike Outage.”
This complaint comes on the heels of the first investor suit filed against CrowdStrike July 31, alleging that the company had told investors that its platform had been sufficiently validated, despite not having sufficient procedures in place to test and update the system.
The outage also had repercussions on Olympic travelers when Delta Air Lines Inc., the official airline of Team USA, was devastated by the outage as it attempted to transport almost 2,000 athletes, staff, and equipment to Paris.
Overall, as many as 46,000 flights were delayed and 5,171 flights were canceled on the first day of the outage alone, according to the complaint.
The consumer class action seeks class certification of all US citizens who had a flight delayed or canceled due to the outage, as well as certification of California, Ohio, and Pennsylvania subclasses.
The class action alleges negligence, a statutory claim of unfair competition under California law, and that the company acted as a pubic nuisance on behalf of the Ohio and Pennsylvania subclasses.
The complaint seeks damages, pre- and post-judgment interest, attorneys’ fees and costs, and declaratory and injunctive relief “designed to prevent Defendant from causing another technology outage by adopting and implementing best software development and testing practices.”
Company founder and CEO George Kurtz apologized to its customers July 19, stating, “you have my commitment to provide full transparency on how this occurred.”
A CrowdStrike spokesperson said in response to the suit, “We believe this case lacks merit and we will vigorously defend the company.”
Cory Fein Law Firm and Barnow & Associates PC represent the plaintiffs.
The case is Del Rio v. CrowdStrike Inc., W.D. Tex., No. 24-00881, Complaint 8/5/24
