Spectre and Meltdown fallout: 32 lawsuits filed against Intel

by Mark Tyson on 19 February 2018, 10:14

Tags: Intel (NASDAQ:INTC)

Quick Link: HEXUS.net/qadqwi

Add to My Vault: x

On Friday Intel filed its annual report in which it disclosed that there are a total of 32 lawsuits filed against the company, in connection with the Spectre and Meltdown vulnerabilities. Thirty of the lawsuits are class action claims against Intel by its customers, both in the USA and abroad. The two other suits were filed by Intel shareholders concerning the violation of financial securities laws.

As background to the above mentioned lawsuits, it is important to remember the following things:

  • Intel admits that in June 2017, a Google research team first notified it about various security vulnerabilities (now commonly referred to as 'Spectre' and 'Meltdown').
  • On 3rd January 2018, information on the security vulnerabilities was publicly reported, before software and firmware updates to address the vulnerabilities were made widely available.
  • Intel Chief Executive Brian Krzanich sold 889,879 shares in the company on 29th Nov as per a trading plan adopted on 30th Oct, making roughly $39 million from the sale, well before the details of the flaw were made public.

In general the Intel class-action filing customers "claim to have been harmed by Intel's actions and/or omissions in connection with the security vulnerabilities," says Intel in its report (PDF page 124 of 201). Negative effects of the Spectre and Meltdown flaws are, among others; systems that are vulnerable to hacking unless patched (and patches might not become available), various performance penalties on systems that are patched, the inconvenience and costs of patching / updating said systems.

One set of securities class action plaintiffs alleges that Intel made false statements about products and internal controls after it was aware of the vulnerabilities. Another set of plaintiffs says that certain Intel board members and officers "breached their duties to Intel in connection with the disclosure of the security vulnerabilities and the failure to take action in relation to alleged insider trading". Both of these complainants are looking for monetary damages.

Going forward from this situation Intel has already promised to do better with regard to such vulnerabilities with its Security First Pledge. Its first Meltdown and Spectre-proof CPUs will launch later this year. Last but not least, Intel recently widened its bug bounty scheme to include the sort of side-channel exploits that delivered Spectre and Meltdown.



HEXUS Forums :: 9 Comments

Login with Forum Account

Don't have an account? Register today!
The sell of shares ‘might just be a coincidence’
lumireleon
The sell of shares ‘might just be a coincidence’
The key word being “might”. A very convenient time that it was done.
The problem is he's been selling off the stocks he's received as a bonus ever since he's been getting them, the only thing that really changed was when he sold them off and the amount, that's sure to get noses twitching but I'll eat my hat if anything comes of it as i imagine it would have been run by some very well paid and talented lawyers before it was signed off.
It'll get locked up in courts for 5 years then they may get fined and Intel will just spin it off into appeals for another 5 years.
Intel admits that in June 2017, a Google research team first notified it about various security vulnerabilities
And yet they released the 8th generation in October knowing that all the SKU were vulnerable.

Yeah, we'll fix it later with some patch when it gets public.