It is three weeks since the IT outage (19 July 2024) that brought down around eight million Microsoft-based systems around the world, and the recriminations—and lawsuits—are starting to fly.
Delta Air Lines has said it plans to sue CrowdStrike and Microsoft over the $500m it claims to have lost because of the outage. A class action lawsuit filed on behalf of CrowdStrike shareholders claims that they were misled over the company’s software testing practices. Another law firm, Gibbs Law Group, is considering a class action on behalf of small businesses affected by the outage, and Delta is itself facing an action filed on behalf of Delta Air Lines passengers whose flights were cancelled due to the outage.
As tempers start to fray, CrowdStrike and Microsoft have bared their teeth against anyone threatening them with legal action, perhaps to head off any further lawsuits. Both tech companies have rubbished Delta’s claims and seem to have implied that Delta’s technology is not as up-to-date as that of its rivals.
Flying fur and lawsuits
Such flying fur is not a good look. When threatened by a user, which itself is facing legal action from its customers, directly because of the impact on those customers of the IT outage, Microsoft and CrowdStrike seem to have opted for a shot across the users’ bows. Maybe the potential impact of a $500m lawsuit concentrates minds. Get your retaliation in first, seems to be the thinking. Shoot first, ask questions later.
Delta is certainly not backing down. In a Securities and Exchange Commission (SEC) filing published on Thursday, 8 August, the airline insisted that Delta had “experienced operational disruption resulting from the CrowdStrike-caused outage on 19 July 2024.” The outage disrupted Delta’s operations, causing approximately 7,000 flight cancellations over five days, the airline said.
Delta CEO Ed Bastian said, “An operational disruption of this length and magnitude is unacceptable, and our customers and employees deserve better. Since the incident, our people have returned the operation to an industry-leading position that is consistent with the level of performance our customers expect from Delta,” said Ed Bastian. He added, “We are pursuing legal claims against CrowdStrike and Microsoft to recover damages caused by the outage, which total at least $500 million.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataIn the filing, for the September quarter, Delta estimated the direct revenue impact of the incident to be $380m, primarily driven by refunding customers for cancelled flights and providing customer compensation in the form of cash and SkyMiles. It estimated non-fuel expenses associated with the technology-driven outage and subsequent operational recovery to be $170m, primarily due to customer expense reimbursements and crew-related costs.
Delta’s problem—and the same problem for anyone else who considers picking up a legal cudgel—is that the security vendor will have sought to protect itself by its contractual small print. As Wired has argued, any claims will need to find creative ways to frame their cases because CrowdStrike will be insulated to a great extent by clauses typical of software contracts that limit its liability.
A lack of contrition for impact on Joe Public
One vital thing that must be highlighted is the singular lack of any recognition or contrition by Big Tech for the outage’s impact on ordinary people, who got to an airport, perhaps anticipating seeing friends or loved ones, but could not fly. Or the person who went to a hospital in trepidation of a medical appointment, but had it cancelled. Or the small business that could not trade and did not know what on earth was going on.
They are presumably not CrowdStrike ‘customers and partners’ and, unsurprisingly, there is no reference to them in this CrowdStrike statement.
We cannot go on like this, where Big Tech and Big Security appear to show little regard for the impact of their tech errors on society. This was just one incident. Imagine the chaos if, in the future, there was widespread cracking of the codes that protect sensitive data by quantum computers.
Fortunately, the US National Institute of Standards and Technology seems to be on the case. Such cracking would make the July 19 incident seem like child’s play. Let us hope that in the case of the IT outage, legal differences can be resolved and tech vendors take much greater responsibility for the consequences of their actions.
Related Company Profiles
Microsoft Corp
CrowdStrike Inc
Delta Air Lines Inc