By Jim Finkle and Tina Bellon
(Reuters. - Intel Corp shares fell nearly 2 percent on Thursday as investors worried about the potential financial liability and reputational hit from recently disclosed security flaws in its widely used microprocessors.
The largest chipmaker had confirmed on Wednesday that flaws reported by researchers could allow hackers to steal sensitive information from computers, phones and other devices. Apple Inc, Microsoft Corp and other software makers have issued patches to protect against the vulnerabilities.
Intel may be on the hook for costs stemming from lawsuits claiming that the patches would slow computers and effectively force consumers to buy new hardware, and big customers will likely seek compensation from Intel for any software or hardware fixes they make, security experts told Reuters.
"The potential liability is big for Intel," said Eric Johnson, dean of Vanderbilt University's Owen Graduate School of Management. "Everybody will be scrambling over the next few days to figure out just how big it is."
Investors need more details about the flaws so they can assess their impact on Intel and other technology companies, said Tim Ghriskey, an investment manager with Inverness Counsel in New York.
"It remains to be seen whether Intel has higher exposure than its rivals," said Ghriskey, whose firm manages $2.8 billion. "We don’t really have a lot of facts yet. A lot of what is out there about the impact on Intel is supposition."
Government agencies and security experts said they knew of no cyber attacks that had exploited the vulnerabilities, but some warned that hackers would likely work to target systems while they remained unpatched.
The German government's Federal Office for Information Security urged computer users to install patches as soon as they become available and asked technology companies to secure their applications as quickly as possible.
Lawyers filed a lawsuit in San Jose, California, federal court on Wednesday that sought class action status for people who had bought vulnerable Intel chips or computers that came with them already installed.
The lawsuit said the patches could "dramatically" degrade system performance, giving customers the "unappealing choice" of deciding whether to replace the processor, buy a new computer with one that is not vulnerable, install updates that degrade performance or do nothing and risk getting hacked.
While more lawsuits are expected, Intel's biggest customers are likely to quietly seek compensation for any harm caused by the vulnerabilities, including costs to patch machines or replace microprocessors, Johnson said.
Intel did not immediately respond to a request for comment on Thursday about the lawsuit alleging degraded performance.
Legal experts said that consumers would have to prove concrete damages and harm to proceed with claims.
Class action lawsuits over cybersecurity issues at companies including Anthem Inc, Target Corp and Yahoo have yielded mixed results and U.S. federal appeals courts are divided over what evidence is needed to bring such claims.
Stewart Baker, a Washington-based lawyer focusing on technology law, said updates that decrease a chip's performance might warrant monetary damages.
“But a lot of these cases are settled for three cents on the dollar,” Baker said, adding that consumers would likely see very little compensation.
Intel shares fell 1.8 percent on Thursday, following a 3.4 percent decline Wednesday.
Shares in rival Advanced Micro Devices Inc climbed 4.9 percent as investors speculated the No. 2 maker of microprocessors would woo customers away from Intel.
Still, researchers had said some of AMD's chips had one of the two vulnerabilities disclosed on Wednesday, as do processors from ARM Holdings.
(Reporting by Jim Finkle in Toronto and Tina Bellon in New York.; Additional reporting by Siddharth Cavale in Bengaluru, Doug Busvine in Frankfurt; Editing by Lisa Von Ahn and Meredith Mazzilli)