In mid-July, a massive information technology outage struck globally, especially sectors like banking, healthcare, and airline travel. The outage was traced to a software update released by cybersecurity company CrowdStrike, which caused certain Windows machines to repeatedly crash, showing the infamous “Blue Screen of Death.”
The effects cascaded for at least a few days, with flight cancellations reported well into the next week. Within a week, CrowdStrike stock is trading 24% lower than it was five days prior.
The incident reveals the importance of massive cybersecurity providers like CrowdStrike that provide critical, behind-the-scenes infrastructure to our increasingly connected economy.
With stakes so high, one might expect a flood of litigation from the affected companies and individuals against the cybersecurity company. But, as of this writing, more than three months after the outage, only a handful of lawsuits have been filed in court.
According to Docket Alarm analytics, only one lawsuit was filed against CrowdStrike in July, and two more in August. None have been filed in September.
The July suit is a securities complaint filed by investors as a class action. Both of the August lawsuits were filed by impacted traveler, also as class actions.
It is possible that more class actions are in the works, as plaintiff’s firms assess the likelihood of success and the size of the affected class. For the lawsuits that have been filed, their journey is just beginning – it’s unknown how CrowdStrike will respond.