The widespread disruption caused by a pivotal CrowdStrike software update in July was bound to trigger a flurry of legal disputes — and indeed, it has. The case of Delta launching a $500 million damages lawsuit against the firm, securing the services of attorney David Boies, is particularly notable.
David Boies has an impressive list of notable clients including Theranos, Harvey Weinstein, Jeffrey Epstein’s victims, and Al Gore during the Bush v. Gore dispute over the 2000 presidential election outcome. He was also at the helm of the government’s antitrust lawsuit against Microsoft in the 1990s.
Long before Delta’s lawsuit, investors were already demanding justice, initiating a class-action suit against CrowdStrike, accusing the enterprise of deceiving them about its software update processes.
CrowdStrike, in its defense, enlisted the services of the law firm Quinn Emanuel Urquhart & Sullivan, hinting at an extensive legal battle ahead, sparked by this misstep.
Microsoft finds itself somewhat embroiled in this situation as well, since the problematic CrowdStrike update only affected Windows operating systems, according to a report from Axios.
However, the lion’s share of the burden lies with CrowdStrike, faced with a formidable legal challenge, comments Rob Wilkins of the Florida-based Jones Foster law firm. Yet, CrowdStrike might find some solace in the contractual damage limitations typically included in enterprise software agreements.
“An interesting aspect is the contractual damage limitation between CrowdStrike and Delta, which likely mirrors limitations found in contracts with other clientele,” Wilkins shared with TechCrunch.
Delta, however, contends that the erroneous software update constitutes gross negligence or intentional wrongdoing by CrowdStrike, potentially bypassing any contractual limits. Delta’s operations were hampered for five full days, unlike United, which dealt with three days of delays linked to CrowdStrike. CrowdStrike refutes the claim, suggesting Delta has internal system issues at fault for the disruptions, as per The Wall Street Journal.
Proving gross negligence or intentional misconduct is a steep hurdle for Delta, Wilkins notes. Investors alleging that CrowdStrike’s lack of transparency about their software testing practices led to fraud face significant evidentiary challenges.
“The crux is whether CrowdStrike purposefully misrepresented or omitted information on its software platform’s security and control procedures to investors,” he stated.
Wilkins believes that companies individually suing CrowdStrike are likely to unite for a class-action lawsuit, given the high costs and complexities of separate claims. He expects the formation of a class action to attract even more companies seeking damages.
“Class actions often lead to a consolidation of claims, overseen by a multidistrict litigation panel, which simplifies the discovery process significantly,” he explained.
Such suits generally begin with a “bellwether” trial, serving as a test case for subsequent actions. The outcome provides a precedent for potential settlements. “After a bellwether trial, approaching CrowdStrike for a settlement becomes a more straightforward affair,” he opined.
Another factor in this complex situation is the involvement of insurance firms, which might cover some of the litigation costs for CrowdStrike and its clients. “Insurance will likely play a role, especially if cybersecurity policies cover this type of negligence,” he mentioned.
Besides financial repercussions, the incident carries significant reputational risks for CrowdStrike. Prompt resolution is in the company’s best interest if it hopes to maintain good relations with stakeholders. “Their initial strategy seems to be a combination of defense and seeking a swift resolution,” he concluded.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
