CrowdStrike Shareholder Lawsuit Dismissed by Texas Judge

A group of CrowdStrike shareholders who sued the company over losses sustained following its 2024 global outage will have to head back to the drawing board if they hope to recoup losses, as a Texas judge has deemed they failed to adequately state a claim.

The plaintiffs in the case alleged 15 statements from CrowdStrike leadership were misleading. US District Judge Robert Pitman of the Western District of Texas ruled on Monday that, while he agreed two of those statements were plausibly misleading, the shareholders failed to plausibly plead that they were made with the intent to defraud investors, a required element of a securities‑fraud claim.

"Plaintiffs have failed to plausibly plead a strong inference of scienter [intent or knowledge of wrongdoing] for the individual Defendants or for CrowdStrike itself," Pitman opined. "Thus, even though the Court found … that Plaintiffs had plausibly alleged two misleading statements, the Court will grant Defendants' motion to dismiss."

For those who don't recall CrowdStrike's terrible, horrible, no good, very bad day in July 2024, the world ground to a halt after the company pushed a faulty Falcon sensor content configuration update for Windows. Millions of machines around the world promptly face‑planted into blue screens of death.

The update was malformed, and CrowdStrike's internal validation system, designed to ensure updates didn't cause serious snafus, failed to catch the issue, as the company later explained in a post‑mortem. CrowdStrike acknowledged it had made a mistake, causing its share price to plummet and leaving the company with months of uncertainty for investors, many of whom are institutional.

One such institutional group was the Plymouth County Retirement Association, which filed a lawsuit in July 2024. Other parties signed on to the suit, turning it into a class‑action complaint under the leadership of New York State Comptroller Thomas DiNapoli, who oversees the New York State Common Retirement Fund, one of the institutional CrowdStrike investors who lost money following the outage. Pitman dismissed the case this week.

He's previously dismissed other suits related to the outage, too.

In June of last year, he tossed a lawsuit against CrowdStrike filed by a group of airline customers who were left stranded following the outage. Plaintiffs in that case sought relief for their inconveniences from CrowdStrike, arguing that the company's sloppy update screening process ended up costing them time and money they wanted back.

Pitman dismissed that case on the grounds that the federal Airline Deregulation Act (ADA) preempted the passengers' claims, because the alleged harm was "related to" airline services such as scheduling and boarding, triggering the ADA's preemption clause. The fact that the passengers sued CrowdStrike rather than the airlines themselves didn't change the analysis, Pitman said, because the claims were still "related to" airline services and therefore barred.

He also ruled in favor of CrowdStrike over statements made by its president, Michael Sentonas, who said in an April 2023 investor briefing that CrowdStrike's agent architecture "doesn't blue screen endpoints with failed updates."

"Agent cloud architecture … doesn't require a massive tuning burden and doesn't blue screen endpoints with failed updates," court documents quote Sentonas as saying.

As CrowdStrike argued in its motion to dismiss, Sentonas' statement was not a promise that CrowdStrike could never trigger a bluescreen outage under any circumstances.

"The Court agrees with Defendant that this statement by Defendant Sentonas is not actionable," Pitman decided in his dismissal order, further describing it as "arguably immaterial puffery" rather than a concrete claim capable of supporting a securities‑fraud charge.

"We appreciate the Court's thoughtful consideration and decision to dismiss this case," CrowdStrike Chief Legal Officer Cathleen Anderson told The Register.

We note the case was dismissed without prejudice, and Pitman has given the plaintiffs a chance to file an amended complaint, so the case isn't over yet.

When asked how it plans to respond, DiNapoli's office only told us that "the decision is under review."

Delta Air Lines, which also sued CrowdStrike to recover damages from the outage, has defeated a motion to dismiss its own lawsuit against the company in Georgia state court. That case is ongoing.