https://www.raconteur.net/technology/delta-crowdstrike-lawsuit

> Proving negligence wouldn’t be impossible, but it would be a “long shot”, according to Ilia Kolochenko, cybersecurity practice lead at Platt Law.

My read of the article as a whole is that the most likely outcome overall is an out-of-court settlement - and although that could resolve this market, the settlement amount would need to be publicly disclosed, which I think leans towards "unlikely".

https://www.bbc.co.uk/news/articles/cy08ljxndr4o

CrowdStrike: Tech firm sued by shareholders over IT global outage

A faulty update by the cyber-security firm last month caused chaos around the world.

https://www.cnbc.com/2024/07/30/crowdstrike-shares-plunge-11percent-on-report-that-delta-may-seek-damages.html "CrowdStrike shares plunge 9.7% to lowest level of the year on report that Delta may seek damages"

CrowdStrike shares plunge 9.7% to lowest level of the year on report that Delta may seek damages

CrowdStrike shares fell after CNBC reported on Monday that Delta hired an attorney to seek compensation following the July 19 global IT outage.

https://thehftguy.com/2024/07/25/crowdstrike-will-be-liable-for-damages-in-france-based-on-the-ovh-precedent/ -

Looks v likely

CrowdStrike will be liable for damages in France, based on the OVH precedent

Hello, Today I am doing a quick post to cover the recent CrowdStrike incident that is estimated to have disabled 8.5M computers and caused more than $5.4B in damages since last week. Now a common questions is whether CrowdStrike will be liable for damages? The answer is most certainly yes. There is actually a very…

I'm still holding my NO. I believe the OVH incident is substantially different (I wrote more detailed reasoning in a HN comment: https://news.ycombinator.com/item?id=41067442).

Don't get me wrong, they're still at a pretty big risk of getting sued, but I think it's somewhere well below 90%. By my reasoning, the precedent set by OVH alone is not a slam-dunk.

I don't think that they will have to pay as much money because most of the companies using Crowdstrike didn't even comply with the ToS. They explicitly state that Crowdstrike shouldn't be used in environments requiring fail-safe operations:

"THERE IS NO WARRANTY THAT THE OFFERINGS OR CROWDSTRIKE TOOLS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF CUSTOMER’S PARTICULAR PURPOSES OR NEEDS. THE OFFERINGS AND CROWDSTRIKE TOOLS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE OFFERINGS NOR CROWDSTRIKE TOOLS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. Customer agrees that it is Customer’s responsibility to ensure safe use of an Offering and the CrowdStrike Tools in such applications and installations. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES." §8.6: https://www.crowdstrike.com/terms-conditions/

My actual probability of this is ~100 and so I'm bidding to the interest rate.

Does crowdstrike have SLA penalties or similar, or are you banking on people suing them etc?

Administrative penalty under many, many causes of action which round to “You screwed up and we’d like a press release.”