- Intel disclosed Friday it now faces 35 lawsuits related to the Spectre and Meltdown attacks.
- Customers are charging they were harmed by the attacks; shareholders charge that Intel misled them about the state of its business, because it didn’t disclose them sooner.
- At least one shareholder suit is taking aim at alleged insider trading at Intel; questions have been raised about a massive stock sale by the company’s CEO after Intel was informed of the attacks but before it disclosed them to the public.
The Spectre and Meltdown attacks were a public relations nightmare for Intel. Now they’ve become a legal headache as well.
The chip making giant, its board members, and executives face 35 lawsuits related to the attacks, the company disclosed in its annual report on Friday. Because the suits are in their early stages, Intel said it couldn’t determine how much they could potentially cost it.
“We dispute the claims … and intend to defend the lawsuits vigorously,” the company said in its annual report.
A company representative declined to comment on the lawsuits.
Security researchers disclosed the Spectre and Meltdown attacks last month. Taking advantage of a particular feature found in nearly all computer processors, the attacks could allow a malicious actor to view secret data stored on PCs, tablets, and smartphones, including users’ passwords. In recent weeks, chip makers, device manufacturers, and operating system vendors have been scrambling to patch their devices and software to protect them from the vulnerabilities.
The attacks were actually discovered in June, and Intel was made aware of them soon thereafter. The vulnerability the attacks exploit has been present in nearly all Intel chips made over the last 20 years. And, unlike chips made by other manufacturers, Intel’s processors are vulnerable to both Spectre and Meltdown.
Intel’s handling of Spectre and Meltdown has drawn criticism – and now lawsuits
Intel’s handling of the situation has raised eyebrows not just because it waited more than six months to disclose the attacks to the public despite the fact that its chips were particularly at risk of them, but also because of a massive stock sale made by company CEO Brian Krzanich after the company found out about the attacks. In sale – through which Krzanich saw a $24 million windfall – the CEO sold off all of the shares of Intel he was allowed to sell under his contract.
Intel has noted that the sale, which Krzanich made in November, was done as part of a planned stock divestiture. But Krzanich only put that plan in place a month earlier, which was more than four months after Intel became aware of the attacks.
Thirty of the lawsuits filed against Intel are seeking class action status and were filed by customers who claim they were harmed by the attacks or by the company’s failure to disclose them, according to the annual report. Two of the suits, also seeking class action status, were filed on behalf of shareholders who charge that the disclosure of the attacks shows that statements Intel made about its products or business were false or misleading.
Additionally, another three Intel investors have filed shareholder derivative suits in California state court, according to the annual report. Those suits charge that Intel’s executives or directors failed in their duties to shareholders by delaying disclosure of the breach or not doing anything about insider trading at the company.
The Intel representative declined to say whether the company’s board has investigated Krzanich’s stock trade.