The number of class-action lawsuits filed against Intel over Meltdown and Spectre have grown tenfold over the past month. The company revealed in a filing (PDF) with the US Securities and Exchange Commission that it now faces 30 customer class-action lawsuits and two securities class-action lawsuits related to recently disclosed CPU vulnerabilities.
In the filing, Intel says the consumer lawsuits "generally claim to have been harmed by Intel's actions and/or omissions in connection with the security vulnerabilities" and seek monetary damages and equitable relief.
The securities class-action lawsuits allege violations of securities laws "by making statements about Intel's products and internal controls that were revealed to be false or misleading by the disclosure" of Meltdown and Spectre.
Intel also noted that it disputes the claims from all 32 lawsuits and intends to defend against them "vigorously." However, the company was not able or willing to estimate what kind of financial hit might arise from the growing pile of lawsuits.
"Given the procedural posture and the nature of these cases, including that the proceedings are in the early stages, that alleged damages have not been specified, that uncertainty exists as to the likelihood of a class or classes being certified or the ultimate size of any class or classes if certified, and that there are significant factual and legal issues to be resolved, we are unable to make a reasonable estimate of the potential loss or range of losses, if any, that might arise from these matters," Intel said.
The lawsuits began to trickle in last month, with three class-action suits filed at the outset. Since then, the spigots have opened and it is anyone's guess how many more might be filed in the weeks and months to come.
One of the lawsuits that we examined last month alleged that ""Intel has been aware of a material defect in its microchips that leaves its customers susceptible to unauthorized access by hackers."
"The material defect lets hackers compromise the privileged memory of Intel’s processors by exploiting the way processes run in parallel. The material defect also lets hackers use code running in a browser to access memory in the attacker’s process, potentially exposing customers’ passwords and personal information. Intel knew of the material defect in its microchips and intentionally chose not to disclose the defect to its customers," the lawsuit stated.
Plaintiffs in that particular suit also took issue with subsequent patches designed to mitigate Spectre and Meltdown, as once applied to devices they "suffer reduced performance."
Intel also acknowledged in its filing that three shareholders each filed derivative actions alleging certain board members and officers at Intel engaged in insider trading. While not specifically, the allegation seems related to Intel CEO Brian Krzanich selling off $39 million worth of company shares prior to disclosing the CPU security vulnerabilities. The sale was actually part of a 10b5-1 plan, which is a pre-scheduled plan to sell a set number of shares at a predetermined time. It is intended to help corporate insiders avoid accusations of insider trading. Even so, the fact that Krzanich sold off the maximum amount of shares he was allowed to sell as CEO after Intel was made aware of the vulnerabilities and before making them public is not the best look.