Western District Of Texas Dismisses Putative Securities Class Action Against Cybersecurity Company

On January 12, 2026, Judge Robert Pitman of the United States District Court for the Western District of Texas granted a motion to dismiss a putative securities class action against a cybersecurity company (the "Company") and certain of its executives (the "Individual Defendants") under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 and Rule 10b-5 promulgated thereunder. In re Crowdstrike Holdings, Inc. Sec. Litig., No. 24-cv-00857-RP (W.D. Tex. Jan. 12, 2026). The Court held that only two of the purported misstatements were sufficiently alleged to be false or misleading but that in any event the complaint failed to plead a strong inference of scienter, accordingly it dismissed the complaint without prejudice.

According to the complaint, the Company sells a proprietary cybersecurity platform, which the Company purportedly emphasized is "updated automatically and remotely, without customers needing to reboot or manage updates." Plaintiffs further alleged that the Company amassed a customer base that included the U.S. federal government, 43 out of 50 state governments, and more than half of the Fortune 500 companies through representations regarding the Company's "robust testing and quality assurance processes."Plaintiffs alleged that the remote updates—called "Rapid Response Content updates"—were central to the Company's pitch to investors. Plaintiffs further alleged that defendants "specifically and repeatedly highlighted their testing of [the Company's] software." Plaintiffs further alleged that on July 19, 2024, the Company released an update that triggered an error and resulted in widespread IT outages that caused global disruption, with airlines, public hospitals, financial services, and police departments brought to a complete standstill, and alleged that some commentators described this incident as "the largest IT outage in history."Plaintiffs claim this incident caused the Company's stock price to drop dramatically and revealed that defendants' statements about the Company's testing of its software updates were false or misleading by omission. Defendants moved to dismiss.

The Court first considered whether the complaint sufficiently pled any false or misleading statement or omission and organized the alleged misstatements into the following categories: (i) statements about a "quality assurance team"; (ii) statements about product usage; (iii) statements about testing and/or software updates; and (iv) statements about regulatory compliance.

As to the statements about the Company's "quality assurance team," the Court agreed with defendants that the complaint took such statements out of context, and that when properly considered, they were neither false nor misleading.Specifically, the Court held that statements in the "Accessibility" section of Company's 2023 and 2024 Proxy Statements identifying the Company's "quality assurance team" did not, as plaintiffs alleged, represent that this team "assisted with software updates."According to the Court, "[w]hen read in context, no reasonable investor would have assumed purely from a single sentence in the Accessibility section . . . that [the Company] had a quality assurance team that tested software updates."

As to the statements about product usage, the Court agreed with defendants that the alleged statements were about how customers could use the Company's software and not about the Company's own software development processes, as plaintiffs alleged. For example, plaintiffs claimed that defendants "assured investors on [the Company's] website that it adhered to 'continuous integration and continuous delivery (CI/CD),' which 'is a software development methodology that allows for rapid, frequent, and reliable code updates.'" But the Court agreed with defendants that the "webpage is unquestionably an educational article" and that there was no indication that the Company used CI/CD.

The Court similarly held that the alleged misstatements regarding the Company's testing and/or software updates were non-actionable, finding that plaintiffs again took certain statements out of context, and other statements were immaterial puffery, fully disclosed or not otherwise misleading.

The Court did, however, hold that plaintiffs plausibly alleged two misstatements regarding the Company's regulatory compliance. Specifically, the Court credited plaintiffs' allegations that defendants misrepresented the Company's regulatory compliance, including its compliance with requirements that the Company conduct robust pre‑production and quality assurance testing, use phased rollouts for updates, and maintain a dedicated quality assurance team. In so holding, the Court rejected defendants' argument that there could be no misrepresentation because the Company was designated as "authorized" by its regulators, emphasizing that plaintiffs alleged that defendants falsely certified that the Company was meeting the regulatory requirements (which was the basis for the "authorized" designation), not that the Company was not designated as authorized.

Having found that two of the alleged fifteen misstatements were actionable, the Court turned to whether plaintiffs sufficiently alleged scienter. The Court rejected plaintiffs' allegations that defendants' "motive" to maximize short-term profits and to artificially inflate the Company's stock price and their own net worths was indicative of fraud, holding that such conclusory allegations, without more, are insufficient to support an inference of scienter in the Fifth Circuit. The Court also rejected plaintiffs' "knowledge" allegations to support a strong inference of scienter, finding that plaintiffs' allegations failed to meet the heightened pleading standards under the PSLRA. The Court thus held that viewing plaintiffs' scienter allegations as a whole, these allegations do not lead to a strong inference of scienter.

Having found that plaintiffs failed to adequately plead an underlying Section 10(b) claim, the Court dismissed plaintiffs' control person liability claims under Section 20(a). The Court dismissed the complaint without prejudice and granted leave for plaintiff to file an amended complaint.

Links & Downloads

IN RE CROWDSTRIKE HOLDINGS, INC. SECURITIES LITIGATION

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.