Intel faces 32 lawsuits over the Meltdown and Spectre flaws
Filing suggests there'll be more to come, with customers angry over exploits and Krzanich's shares sale
Intel is facing at least 32 class action lawsuits over the Meltdown and Spectre chip flaws, which have quickly become two of the biggest security vulnerabilities ever uncovered.
The chipmaker revealed the number in a Securities and Exchange Commission filing it made last week. Thirty are customer class action suits from users that are "seeking monetary damages and equitable relief", while two concern securities, and "allege that Intel and certain officers violated securities laws by making statements about Intel's products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities".
On top of these 32 lawsuits, there were a further three shareholder suits filed against Intel, claiming that the company's board and corporate officers committed "breach of duty" in connection to the disclosure of the security flaws and have failed "to take action in relation to alleged insider trading". That related to Intel CEO Brian Krzanich, who sold shares worth $39 million after researchers informed Intel of Meltdown and Spectre.
Worst still, the filing notes it's likely that further lawsuits around these issues will arise.
Intel isn't the only tech giant getting sued in relation to the vulnerability. Apple was also hit by a class action lawsuit over the debacle in January. The class action complaint was filed in a San Jose district court.
Chipmaker AMD has also being sued over claims that it artificially inflated its stock price by keeping quiet about how the Spectre flaws affected its chips.
Intel's first efforts to patch the vulnerability resulted in performance slowdowns and reboots for many laptops running its chips. It eventually recalled those and issued fresh patches, which it claims don't have those bugs, earlier this month.
Meltdown and Spectre affect Intel processors from the last 10 years, and other manufacturers' processors as well. They allow hackers to gain access to data stored on chips' memory that would normally be protected. But no data breaches have yet been reported.
08/01/2018: Intel is being taken to court over vulnerabilities in its processors, with plaintiffs in California, Oregon and Indiana all taking legal action against the company.
The Meltdown and Spectre flaws, which are present in the vast majority of modern processors, could allow hackers to break into the devices and steal sensitive data. However, no data breaches have been reported as yet, even though the vulnerabilities exist in the majority of processors dating from 1995. The flaw wasn't reported until June last year, despite Intel knowing about it since before then.
The lawyers representing the Californian claimants think there will be more cases coming to light in the coming months, describing it as "one of the largest security flaws ever facing the American public". They are urging Intel to fix the problem and to offer those affected compensation for any losses that have occurred.
However, for this to happen, businesses and individuals would have to provide solid evidence that they have been adversely affected by the flaws.
It may be easier for some of the big businesses affected by the vulnerabilities to take action. Legal experts expect cloud service providers to be the leaders in this, with Amazon, Microsoft and Google all having solid reasons to hold Intel to account if it slows their computational capacity.
An alternative to legal action may be for the cloud providers to demand lower prices on future chips. Kim Forrest, senior equity research analyst at Fort Pitt Capital Group told The Guardian.
Intel explained it was unable to give any information about the cases. "[Intel] can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment," the company said in a statement.
"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," the company previously said.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now