Any fines, compensation, or settlements count. They have to be actually paid out before January 1 2027.
Related questions
https://www.cnbc.com/2024/07/30/crowdstrike-shares-plunge-11percent-on-report-that-delta-may-seek-damages.html "CrowdStrike shares plunge 9.7% to lowest level of the year on report that Delta may seek damages"
Looks v likely
I'm still holding my NO. I believe the OVH incident is substantially different (I wrote more detailed reasoning in a HN comment: https://news.ycombinator.com/item?id=41067442).
Don't get me wrong, they're still at a pretty big risk of getting sued, but I think it's somewhere well below 90%. By my reasoning, the precedent set by OVH alone is not a slam-dunk.
I don't think that they will have to pay as much money because most of the companies using Crowdstrike didn't even comply with the ToS. They explicitly state that Crowdstrike shouldn't be used in environments requiring fail-safe operations:
"THERE IS NO WARRANTY THAT THE OFFERINGS OR CROWDSTRIKE TOOLS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF CUSTOMER’S PARTICULAR PURPOSES OR NEEDS. THE OFFERINGS AND CROWDSTRIKE TOOLS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE OFFERINGS NOR CROWDSTRIKE TOOLS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. Customer agrees that it is Customer’s responsibility to ensure safe use of an Offering and the CrowdStrike Tools in such applications and installations. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES." §8.6: https://www.crowdstrike.com/terms-conditions/