Saturday, 11 October 2025
28.3 C
Singapore
26.2 C
Thailand
19.8 C
Indonesia
27.5 C
Philippines

Delta Air Lines seeks damages from CrowdStrike and Microsoft over a software outage

Delta Air Lines hires lawyer David Boies to seek compensation from CrowdStrike and Microsoft for the July 19 outage that caused flight cancellations.

Delta Air Lines is gearing up to demand compensation following an outage that caused chaos worldwide, impacting the airline significantly.

According to a report by CNBC on Monday, the carrier has brought on board renowned lawyer David Boies to seek damages from CrowdStrike and Microsoft for the July 19 computer outage that forced Delta to cancel around 6,000 flights.

David Boies has an impressive legal background, representing high-profile figures such as Theranos founder Elizabeth Holmes, Al Gore in the 2000 presidential election, and the US government in a landmark antitrust case against Microsoft in 1998.

Delta’s compensation plans

Although no lawsuit has been filed, Delta plans to pursue compensation from CrowdStrike and Microsoft, as reported by CNBC.

Delta’s stock remained relatively unchanged at the close of Monday’s trading, but CrowdStrike saw a 5.5 per cent decline in after-hours trading.

Earlier this month, CrowdStrike caused global business disruptions after a defect in a software update from the cybersecurity firm led to the shutdown of numerous Microsoft computer systems.

Analysts predict that Delta, one of the hardest-hit airlines, will face an earnings loss of between US$350 million and US$500 million this quarter due to reputational damage and ticket refunds, according to a Bloomberg report last week.

However, legal experts suggest that Delta and its Boies-led lawyers might need help to secure significant compensation from CrowdStrike. The terms and conditions of CrowdStrike’s services state that the firm is only liable for refunds and limits liability to “fees paid.” This means that if Delta or other companies seek damages for losses, CrowdStrike would only be required to refund the cost of the software.

CrowdStrike’s limited liability

Elizabeth Burgin Waller, chair of the Cybersecurity & Data Privacy practice at Woods Rogers, pointed out that CrowdStrike’s liability is limited to the fees paid for its Falcon security software, widely used by companies and government agencies globally.

This limitation means that companies like Delta may not receive much compensation for damages or lost revenue. Even individuals seeking damages through class action lawsuits against CrowdStrike might face significant challenges.

Mauricio Sanchez, a senior director at the tech market research firm Dell’Oro Group, expressed doubt that CrowdStrike would be required to pay much, if any, compensation. “While it will be a miserable summer for CrowdStrike lawyers, as they defend themselves from customers with torches and pitchforks, I don’t see CrowdStrike having to pay much, if any, compensation,” Sanchez told the trade publication Fierce Network last week.

Precedents and future implications

A recent case involving a hacking incident, rather than a software update issue, provides some precedent for how large customers like Delta could fare in court. In 2020, hackers infiltrated Texas-based SolarWinds’ systems and inserted malicious code into the company’s software. This breach affected over 30,000 customers who received the compromised software updates, leading to extensive spying by hackers on companies and government organisations.

Earlier this month, a US judge dismissed most of a Securities and Exchange Commission lawsuit accusing SolarWinds of defrauding investors by concealing security weaknesses.

Given the customer agreements favouring CrowdStrike and the recent SolarWinds case, CrowdStrike may have a strong chance in court. Andrew Selbst, an assistant professor at UCLA School of Law, told Harvard Law Today that customers could sue over negligence, though these class action lawsuits are often complex to win.

Another possible consequence for CrowdStrike could be regulatory action, particularly from the Federal Trade Commission (FTC). “The FTC has a pattern of settling with these companies and keeping them under a consent decree for 20 years or so,” Selbst said. “But with the FTC, you don’t receive individual customers’ damages or compensation. This is just a regulatory regime, and they receive fines payable to the federal government.”

Hot this week

Managers increasingly turn to AI for performance reviews, raising fears over the future of traditional HR

A new survey finds growing use of AI in workplace communications, including performance reviews, raising concerns about the future of HR.

Google offers Singapore students free one-year access to the AI Pro Plan

Singapore students can apply for a free one-year Google AI Pro Plan subscription powered by Gemini 2.5 Pro.

Canon’s Think Big series returns to help businesses build resilience in uncertain times

Canon’s Think Big Leadership Business Series returns on 22 and 23 October in Singapore to help companies build resilience amid global uncertainty.

C-suite’s rush to adopt AI exposes critical security blind spots

A new Tenable report warns that outdated security strategies are leaving organisations exposed as AI adoption surges.

Commvault named a leader in IDC MarketScape cyber-recovery report

Commvault has been named a leader in the IDC MarketScape: Worldwide Cyber-Recovery 2025 report for its innovation and comprehensive cyber resilience solutions.

Armis and Fortinet expand partnership to boost cyber resilience for global businesses

Armis and Fortinet have expanded their partnership to enhance cyber resilience with deeper integration, unified visibility, and automated security enforcement.

Google offers free AI Pro plan to students in Singapore

Google is offering students in Singapore a free one-year subscription to its AI Pro plan, featuring Gemini 2.5 Pro and powerful learning tools.

Semperis launches unified identity recovery and crisis management solution

Semperis launches Ready1 for Identity Crisis Management, combining identity recovery and crisis management to speed cyberattack response and recovery.

Infor launches industry-focused AI agents to transform enterprise operations

Infor launches industry-specific AI agents, new cloud migration tools, and enhanced process mining to transform enterprise workflows and accelerate automation.

Related Articles