CrowdStrike Holdings, Inc., a leading cybersecurity firm, has been involved in several high-profile lawsuits arising from a major IT outage caused by a faulty software update in July 2024. The software flaw led to millions of Microsoft Windows computers crashing worldwide, severely disrupting critical sectors including airlines, financial institutions, healthcare, and government services. This incident has resulted in multiple legal actions from businesses, investors, and governmental entities alleging negligence, breach of contract, securities fraud, and significant financial damages.
Background of the CrowdStrike Lawsuit
On July 19, 2024, CrowdStrike released an update to its Falcon cybersecurity platform which introduced a bug causing an “out-of-bounds memory read” that triggered blue screen errors on over 8.5 million devices globally. Many organizations reliant on this software experienced system shutdowns, workflow disruptions, and prolonged recovery periods, some lasting weeks. The update’s failure was widely condemned as one of the largest IT outages in history, with wide-ranging impacts on commerce, transportation, and public services.
Parties Involved and Case Context
Plaintiffs include major corporations such as Delta Air Lines, various government agencies, shareholders, and other businesses affected by the outage. The defendants are CrowdStrike Holdings, Inc., its CEO George Kurtz, and possibly other executives and entities involved in the software development and roll-out.
Details of the CrowdStrike Lawsuit Allegations or Claims
- Negligence and Gross Negligence: Failure to properly test and validate the software update, leading to catastrophic system failures.
- Breach of Contract: Alleged violation of service agreements guaranteeing operational reliability and support.
- Securities Fraud: Misleading investors with false statements regarding the adequacy of software testing and risk management prior to the update’s release.
- Economic Losses: Plaintiffs claim significant damages including lost revenue, operational costs, passenger compensation, and reputational harm.
- Computer Trespass and Limited Fraud: Claims that CrowdStrike introduced unauthorized code causing harm to client systems.
Legal Claims and Relevant Laws Involved in the Lawsuit
- Negligence Law: Establishing failure to exercise reasonable care in development and deployment of software updates.
- Breach of Contract Law: Violations of contractual duties to provide functioning cybersecurity services.
- Securities Exchange Act of 1934: Claims related to false and misleading statements made to shareholders and investors.
- Computer Fraud and Abuse Act: Potentially applicable to unauthorized or harmful alterations of client systems.
Current Status and Recent Developments in the Lawsuit
Following the outage, CrowdStrike’s stock price plummeted roughly 32%, dropping nearly $25 billion in market value. Several lawsuits have been filed, with notable actions including a $500 million claim by Delta Air Lines alleging gross negligence and breach of contract, and shareholder class actions accusing CrowdStrike of securities fraud for overstating update testing.
As of mid-2025, courts have denied motions to dismiss key negligence and trespass claims, allowing litigation and discovery to proceed. CrowdStrike has counter-sued Delta, seeking declaratory relief and asserting that Delta’s outdated IT infrastructure significantly contributed to prolonged disruptions. Other plaintiffs include governmental bodies and commercial clients demanding compensation for damages arising from the outage.
Consumer Advice and Business Impact
Businesses utilizing CrowdStrike software should monitor ongoing litigation closely, assess their own damages, and consider joining class actions or pursuing individual claims. Investors should evaluate potential financial impact and legal outcomes affecting stock value. Cybersecurity firms must strengthen quality assurance and risk management practices to prevent similar failures and legal exposure.
Practical Recommendations
- Clients impacted by the outage should document operational disruptions and financial losses.
- Shareholders should monitor securities litigation developments and consider legal counsel.
- Companies should review contractual obligations and liability limitations carefully.
- Cybersecurity providers should implement rigorous software testing and transparent risk disclosures.
Conclusion: Significance and Future Outlook of the CrowdStrike Lawsuit
The CrowdStrike lawsuit is a landmark case highlighting risks in software reliability, corporate transparency, and cyber resilience. Its outcomes will influence legal standards for software update testing, vendor liability, and investor disclosures in the cybersecurity industry. As digital dependence increases, this litigation underscores the critical need for robust safeguards and accountability in technology services.