In Wake Of Meltdown And Spectre Bug Debacle, Intel Hit With Multiple Class-Action Lawsuits
Intel is facing three class-action lawsuits as the company continues to grapple with fallout after it acknowledged its chips were vulnerable to two massive security bugs.
The three complaints, which have been filed in the days after revelations that Intel chips are vulnerable to these security bugs, cite Intel's "failure to disclose" the security vulnerability in a timely fashion.
"Intel has been aware of a material defect in its microchips that leaves its customers susceptible to unauthorized access by hackers. … Intel knew of the material defect in its microchips and intentionally chose not to disclose the defect to its customers. Intel’s material defect can be patched — but patched computers, smartphones and devices suffer reduced performance," stated one of the lawsuits, filed in the District of Oregon.
Intel, Santa Clara, Calif., declined to comment on the lawsuits.
The flaws, called Spectre and Meltdown, potentially could enable hackers to extract protected data such as passwords and encryption keys.
Patches either already have been released or are being rushed out by Intel as well as OS and cloud providers including Microsoft, Google, Amazon and Apple. However, the three plaintiffs allege that these patches of the security issues on their systems will slow down their system performance.
Intel, for its part, has said it already has issued updates for the majority of processors introduced in the past five years. The company said by the end of next week it "expects to have issued updates for more than 90 percent of processor products introduced within the past five years."
Furthermore, Intel said that the security issues are not from the processor designs themselves, but in the approach that researchers used to compromise a system.
"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively," the company said in a statement.
Furthermore, the three lawsuits cite not just the security vulnerability itself, but also Intel's failure to disclose these vulnerabilities.
Intel was informed by Google about the vulnerability in June and In November Intel CEO Brian Krzanich cashed out $24 million worth of stock in the company, according to a report by Business Insider. Intel, for its part, told Business Insider that the sale was part of a standard stock-sale plan and had nothing to do with the disclosed chip vulnerability.
Partners, meanwhile, see the channel as having a critical role in educating their customers and helping them navigate what they can do to deal with the security bugs.
’Customers will have lots of questions so such instances show why VARs are their clients' trusted advisers as it’s not as simple as just installing the latest patch updates,’ said Kent Tibbils, vice president of marketing at ASI, Fremont, Calif. ’So there may not be a monetary opportunity but there is clearly a partnership-building opportunity that can strengthen the bond between VAR and client through education and guidance.’