The Fallout of a Cybersecurity Software Update
On July 19, Jonathan Cardi and his family witnessed the chaos at Raleigh-Durham International Airport in North Carolina as flights were delayed one after another, turning the departures board into a sea of red. According to Cardi, it was nothing short of insanity. As a law professor at Wake Forest University and a member of the American Law Institute, Cardi was supposed to fly to a conference in Fort Lauderdale, Florida with Delta Airlines. Due to the IT outage caused by a software update glitch from CrowdStrike, millions of Microsoft Windows computers crashed, leaving travelers stranded and frustrated.
With flights grounded and staff telling passengers that planes would be taking off soon, Cardi decided to embark on an 11-hour journey by rental car to reach his destination. Meanwhile, others bound for the same conference were left sleeping at the airport, Cardi later discovered.
The repercussions of the IT outage were far-reaching, causing disruptions in various industries and leading to an estimated $5 billion in financial losses. As a law expert specializing in civil liability, Cardi anticipates legal action looming on the horizon.
And the legal battles have indeed commenced.
Delta Airlines has filed suits against CrowdStrike and Microsoft, seeking to recover the $500 million losses incurred during the outage. Law firms such as Labaton Keller Sucharow and Gibbs Law Group have initiated class action lawsuits on behalf of affected parties, including shareholders and small businesses. The legal tussle is heating up, with CrowdStrike vehemently defending itself against the allegations of gross negligence and misconduct.
Recovering from the financial fallout of the IT outage will be an uphill battle, as software contracts typically contain clauses that limit liability. Despite admitting responsibility for the incident, CrowdStrike’s legal fine print could shield it from substantial financial repercussions, leaving impacted parties with tough decisions to make.
Limitation Clause
The legal landscape surrounding the CrowdStrike debacle is complex. Customers seeking restitution may find their options limited due to contractual clauses designed to minimize financial liabilities. Breach of contract, negligence, and fraud are avenues for legal action, but the effectiveness of these claims remains uncertain. The terms and conditions of agreements between CrowdStrike and its clients will play a pivotal role in determining the extent of liability.