It is three weeks since the IT outage (19 July 2024) that brought down around eight million Microsoft-based systems around the world, and the recriminations—and lawsuits—are starting to fly.

Delta Air Lines has said it plans to sue CrowdStrike and Microsoft over the $500m it claims to have lost because of the outage. A class action lawsuit filed on behalf of CrowdStrike shareholders claims that they were misled over the company’s software testing practices. Another law firm, Gibbs Law Group, is considering a class action on behalf of small businesses affected by the outage, and Delta is itself facing an action filed on behalf of Delta Air Lines passengers whose flights were cancelled due to the outage.

As tempers start to fray, CrowdStrike and Microsoft have bared their teeth against anyone threatening them with legal action, perhaps to head off any further lawsuits. Both tech companies have rubbished Delta’s claims and seem to have implied that Delta’s technology is not as up-to-date as that of its rivals.

Flying fur and lawsuits

Such flying fur is not a good look. When threatened by a user, which itself is facing legal action from its customers, directly because of the impact on those customers of the IT outage, Microsoft and CrowdStrike seem to have opted for a shot across the users’ bows. Maybe the potential impact of a $500m lawsuit concentrates minds. Get your retaliation in first, seems to be the thinking. Shoot first, ask questions later.

Delta is certainly not backing down. In a Securities and Exchange Commission (SEC) filing published on Thursday, 8 August, the airline insisted that Delta had “experienced operational disruption resulting from the CrowdStrike-caused outage on 19 July 2024.” The outage disrupted Delta’s operations, causing approximately 7,000 flight cancellations over five days, the airline said.

Delta CEO Ed Bastian said, “An operational disruption of this length and magnitude is unacceptable, and our customers and employees deserve better. Since the incident, our people have returned the operation to an industry-leading position that is consistent with the level of performance our customers expect from Delta,” said Ed Bastian. He added, “We are pursuing legal claims against CrowdStrike and Microsoft to recover damages caused by the outage, which total at least $500 million.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In the filing, for the September quarter, Delta estimated the direct revenue impact of the incident to be $380m, primarily driven by refunding customers for cancelled flights and providing customer compensation in the form of cash and SkyMiles. It estimated non-fuel expenses associated with the technology-driven outage and subsequent operational recovery to be $170m, primarily due to customer expense reimbursements and crew-related costs.

Delta’s problem—and the same problem for anyone else who considers picking up a legal cudgel—is that the security vendor will have sought to protect itself by its contractual small print. As Wired has argued, any claims will need to find creative ways to frame their cases because CrowdStrike will be insulated to a great extent by clauses typical of software contracts that limit its liability.

A lack of contrition for impact on Joe Public

One vital thing that must be highlighted is the singular lack of any recognition or contrition by Big Tech for the outage’s impact on ordinary people, who got to an airport, perhaps anticipating seeing friends or loved ones, but could not fly. Or the person who went to a hospital in trepidation of a medical appointment, but had it cancelled. Or the small business that could not trade and did not know what on earth was going on.

They are presumably not CrowdStrike ‘customers and partners’ and, unsurprisingly, there is no reference to them in this CrowdStrike statement.

We cannot go on like this, where Big Tech and Big Security appear to show little regard for the impact of their tech errors on society. This was just one incident. Imagine the chaos if, in the future, there was widespread cracking of the codes that protect sensitive data by quantum computers.

Fortunately, the US National Institute of Standards and Technology seems to be on the case. Such cracking would make the July 19 incident seem like child’s play. Let us hope that in the case of the IT outage, legal differences can be resolved and tech vendors take much greater responsibility for the consequences of their actions.