Plymouth County Retirement Association v. CrowdStrike Holdings, Inc.

CrowdStrike is a cybersecurity firm based in Austin, Texas.  CrowdStrike’s flagship product is its Falcon cybersecurity software platform. According to CrowdStrike, what set its Falcon platform apart from other cybersecurity platforms was its “Rapid Response” updates, which were delivered silently to CrowdStrike’s customers through the “cloud.”

Throughout the Class Period, CrowdStrike, its CEO Defendant Kurtz, and its President Defendant Sentonas, represented to investors that CrowdStrike adhered to industry-standard testing and quality assurance requirements and, as a result, the Rapid Response updates were safe and reliable and would not cause the Company’s customers to “blue screen”—i.e., crash.  Specifically, Defendants assured investors that they properly tested such updates, maintained quality assurance staff to conduct such testing, and released new updates slowly, and in phases. These were requirements of federal compliance standards that Defendants represented CrowdStrike adhered to.

Unfortunately for investors, these representations were false, highly misleading, and omitted material facts.  In truth, CrowdStrike and its executives prioritized speed over prudence, shunning the very testing and quality assurance requirements they told investors and customers that they followed. 

The Class Period begins on September 22, 2022.  On that date, Defendant Kurtz told investors that at CrowdStrike, “we test more than anyone else.”  Throughout the remainder of the Class Period, Defendants repeatedly stressed that the Falcon platform “doesn’t blue screen endpoints with failed updates,” that CrowdStrike “always” conducted phased rollouts of software updates, and that CrowdStrike maintained a dedicated “quality assurance team” that was “trained and equipped to assist with testing.”  Defendants buttressed these assurances with further representations that CrowdStrike was “meeting the stringent requirements” of the federal government—requirements necessary to do business with government agencies, an essential part of the Company’s investment thesis.

The truth concealed by Defendants’ Class Period misrepresentations began to be revealed on July 19, 2024, when CrowdStrike issued a faulty software update that resulted in the largest IT outage in history, crippling business operations across the globe, destroying customers’ trust, and erasing billions of dollars in shareholder value.  Investors learned that CrowdStrike did not properly test its updates, maintain a quality assurance team, or safely release its updates in phases, and instead released a flawed, untested software update to millions of customers all at once. In all, the revelations about CrowdStrike’s deficient testing and its ramifications caused CrowdStrike’s stock to plummet by nearly 32%—the largest stock price decline in CrowdStrike’s history.

On July 30, 2024, a securities class action was filed alleging that CrowdStrike and certain of its executives violated the federal securities laws.  On October 30, 2024, the Court appointed Thomas P. DiNapoli, Comptroller of the State of New York, as Administrative Head of the New York State and Local Retirement System, and as Trustee of the New York State Common Retirement Fund (“New York State Common Retirement Fund”) to serve as Lead Plaintiff and approved New York State Common Retirement Fund’s selection of Bernstein Litowitz Berger & Grossmann LLP (“BLB&G”) as Lead Counsel for the Class.  New York State Common Retirement Fund filed a Consolidated Class Action Complaint on January 21, 2025.  The case has been assigned to the Honorable Robert Pitman of the United States District Court for the Western District of Texas.