Delta Air Lines is gearing up to demand compensation following an outage that caused chaos worldwide, impacting the airline significantly.
According to a report by CNBC on Monday, the carrier has brought on board renowned lawyer David Boies to seek damages from CrowdStrike and Microsoft for the July 19 computer outage that forced Delta to cancel around 6,000 flights.
David Boies has an impressive legal background, representing high-profile figures such as Theranos founder Elizabeth Holmes, Al Gore in the 2000 presidential election, and the US government in a landmark antitrust case against Microsoft in 1998.
Delta’s compensation plans
Although no lawsuit has been filed, Delta plans to pursue compensation from CrowdStrike and Microsoft, as reported by CNBC.
Delta’s stock remained relatively unchanged at the close of Monday’s trading, but CrowdStrike saw a 5.5 per cent decline in after-hours trading.
Earlier this month, CrowdStrike caused global business disruptions after a defect in a software update from the cybersecurity firm led to the shutdown of numerous Microsoft computer systems.
Analysts predict that Delta, one of the hardest-hit airlines, will face an earnings loss of between US$350 million and US$500 million this quarter due to reputational damage and ticket refunds, according to a Bloomberg report last week.
However, legal experts suggest that Delta and its Boies-led lawyers might need help to secure significant compensation from CrowdStrike. The terms and conditions of CrowdStrike’s services state that the firm is only liable for refunds and limits liability to “fees paid.” This means that if Delta or other companies seek damages for losses, CrowdStrike would only be required to refund the cost of the software.
CrowdStrike’s limited liability
Elizabeth Burgin Waller, chair of the Cybersecurity & Data Privacy practice at Woods Rogers, pointed out that CrowdStrike’s liability is limited to the fees paid for its Falcon security software, widely used by companies and government agencies globally.
This limitation means that companies like Delta may not receive much compensation for damages or lost revenue. Even individuals seeking damages through class action lawsuits against CrowdStrike might face significant challenges.
Mauricio Sanchez, a senior director at the tech market research firm Dell’Oro Group, expressed doubt that CrowdStrike would be required to pay much, if any, compensation. “While it will be a miserable summer for CrowdStrike lawyers, as they defend themselves from customers with torches and pitchforks, I don’t see CrowdStrike having to pay much, if any, compensation,” Sanchez told the trade publication Fierce Network last week.
Precedents and future implications
A recent case involving a hacking incident, rather than a software update issue, provides some precedent for how large customers like Delta could fare in court. In 2020, hackers infiltrated Texas-based SolarWinds’ systems and inserted malicious code into the company’s software. This breach affected over 30,000 customers who received the compromised software updates, leading to extensive spying by hackers on companies and government organisations.
Earlier this month, a US judge dismissed most of a Securities and Exchange Commission lawsuit accusing SolarWinds of defrauding investors by concealing security weaknesses.
Given the customer agreements favouring CrowdStrike and the recent SolarWinds case, CrowdStrike may have a strong chance in court. Andrew Selbst, an assistant professor at UCLA School of Law, told Harvard Law Today that customers could sue over negligence, though these class action lawsuits are often complex to win.
Another possible consequence for CrowdStrike could be regulatory action, particularly from the Federal Trade Commission (FTC). “The FTC has a pattern of settling with these companies and keeping them under a consent decree for 20 years or so,” Selbst said. “But with the FTC, you don’t receive individual customers’ damages or compensation. This is just a regulatory regime, and they receive fines payable to the federal government.”
