
Crowdstrike is a popular cybersecurity firm that has been at the center of several high-profile IT contracts. Companies that have partnered with Crowdstrike may be wondering if they can sue the firm for breaching these contracts.
Crowdstrike's contracts often include provisions that require the company to maintain certain security standards. If Crowdstrike fails to meet these standards, it could potentially be considered a breach of contract.
The terms of the contract will play a crucial role in determining whether a company can sue Crowdstrike. For example, if the contract includes a clause that allows for termination in the event of a breach, the company may have a strong case.
Crowdstrike's contracts typically include a clause that outlines the process for resolving disputes. This could involve mediation or arbitration, rather than a lawsuit.
Additional reading: Legal Real Estate Contract
Delta vs Crowdstrike Lawsuit
Delta is suing Crowdstrike over a faulty software update that caused a massive IT outage in July 2023.
The update led to a "never-ending 'blue screen of death'" on many users' devices, forcing banks, hospitals, media groups, retailers, and delivery companies to shut down. Airports and airlines were also affected, with Delta cancelling 7,000 flights in the five days following the outage.
Delta is accusing Crowdstrike of breach of contract and negligence, claiming the company "cut corners" and "circumvented testing and certification processes" for its own benefit. Crowdstrike has countersued, saying Delta refused help during the incident.
If Delta wins the lawsuit, it could set a major precedent, encouraging other impacted Crowdstrike customers to file their own lawsuits. This could lead to a "full spectrum of problems" for IT and cyber vendors, who would need to review their contracts.
A Crowdstrike win, on the other hand, would reassert that clients are responsible for their cybersecurity posture. This could encourage companies to take more responsibility for their cybersecurity operations.
In a recent development, a court has allowed Delta to proceed with its lawsuit against Crowdstrike. The outcome of the lawsuit is still uncertain, with Crowdstrike confident that most of Delta's claims will be found to be without merit.
You might enjoy: Can Crowdstrike Be Sued
CrowdStrike Outage
The CrowdStrike outage was a major global IT disaster that occurred on July 19 when a faulty software update caused widespread disruptions.
The update, which was pushed out to 8.5 million Windows devices, resulted in a "Blue Screen of Death" and forced companies to manually remove the faulty update, leading to extended outages and delays.
Delta Airlines was severely impacted, canceling 7,000 flights in the five days following the outage and prompting a probe from the US Department of Transportation.
CrowdStrike's internal tests failed to catch the bug in the update due to a bug in its content validator and inadequate testing procedures.
CrowdStrike is accused of breach of contract and negligence by Delta Airlines, which alleges the company "cut corners, took shortcuts and circumvented the very testing and certification processes it advertised, for its own benefit and profit".
The faulty update caused a substantial risk of serious outages, which created "substantial reputational harm and legal risk" for CrowdStrike, according to a lawsuit filed by the Plymouth County Retirement Association.
A unique perspective: American Airlines Jetblue Antitrust Appeal
The lawsuit alleges that CrowdStrike knowingly made false statements about the quality of its products and procedures, which led to stockholders being defrauded.
CrowdStrike's stock price fell by 11% on the day of the incident, and then another 13.5% on July 22 when CEO George Kurtz was called to testify before Congress.
Here are some key statistics about the CrowdStrike outage:
- 8.5 million Windows devices were affected by the faulty update
- Delta Airlines canceled 7,000 flights in the five days following the outage
- CrowdStrike's stock price fell by 11% on the day of the incident
- The outage caused a substantial risk of serious outages, creating "substantial reputational harm and legal risk" for CrowdStrike
Financial Impact
The financial impact of the CrowdStrike Falcon update outage has been staggering, with estimated losses ranging from $300 million to $1.5 billion.
Delta Airlines alone suffered losses estimated at $500,000,000 due to the cancellation of 2,200 flights.
Market analysts estimate that big enterprises have lost $5.4 billion in total due to the outage.
This is a significant amount of money, and it's no wonder that companies are exploring litigation pathways to get some of it back.
Readers also liked: Duty of Due Care
Impact on Companies
A Delta win in the lawsuit would create a full spectrum of problems for companies, where IT and cyber vendors start urgently reviewing their contracts to protect themselves against liability. This would likely lead to additional disclaimers and safeguards being added to contracts.

If Delta prevails, cyber firms would be held to a higher standard of care, putting vendors in the legal firing line, even if a client is not following best practice. This could result in increased costs for companies.
Conversely, a Crowdstrike win would reassert that clients are responsible for their cybersecurity posture and encourage companies to take more responsibility for their cybersecurity operations.
Related reading: Legal Document Subject a and B
Economic Impact
The economic impact of the CrowdStrike Falcon update outage has been staggering, with estimated losses ranging from $300 million to $1.5 billion. Market analysts estimate that big enterprises have lost a whopping $5.4 billion.
Delta Airlines alone has lost a significant $500 million due to the cancellation of 2,200 flights. The company is seeking compensation from CrowdStrike and Microsoft, which is already hiring a law firm to pursue the matter.
The losses are not just limited to Delta Airlines, with many other organizations affected by the outage. The estimated insured losses are expected to fall within the range of $300 million to $1 billion.
Discover more: Is Crowdstrike an American Company
Contract Lessons
Clear contract language is key to avoiding disputes. The contract must clearly define what the vendor has agreed to do, when it will do it, and how much it will cost, as stated by Brad Frazer, a partner at Hawley Troxell.
A statement of work clause is essential for measuring vendor performance. It's much easier to sue someone if you've got a statement of work, said Frazer.
Negotiating the highest liability limit possible with a vendor is critical, but it's unlikely to cover damages as severe as Delta's. A $100,000 agreement wouldn't make sense if the potential liability were $20 million.
The liability limit can be a ceiling that's difficult to exceed. Morvareed Salehpour, head of Salehpour Legal, described hitting that ceiling while trying to get more money for a client.
Indemnification is another crucial contract negotiation. It makes the vendor responsible for lawsuits filed against the customer because of a vendor-caused outage or security breach.
Without indemnification, customers might walk away from a deal. If they don't give me indemnification, then I might walk away, said Frazer.
If this caught your attention, see: Unfair Terms in Irish Contract Law
Bad Update Leads to Outage
A bad update can have devastating consequences, as seen in the case of CrowdStrike's faulty Falcon sensor update on July 19. This update caused an out-of-bounds memory read when processed by Falcon, leading to the operating system crashing with a Blue Screen of Death (BSOD).
The update slipped past CrowdStrike's internal tests due to a bug in its content validator and inadequate testing procedures. This resulted in the update being received by 8,500,000 Windows devices, potentially causing catastrophic, costly, and even dangerous IT outages.
The update caused an IT outage that lasted for days, with some companies taking days to resume normal operations. This was due to the need for staff to remove the faulty update manually, leading to extended outages and delays.
The faulty update had a significant impact on several companies, including airports, hospitals, government organizations, and financial firms. Delta Airlines, for example, cancelled 7,000 flights in the five days following the outage, making it the airline's worst-performing period.
Here's a list of some of the companies that were impacted by the CrowdStrike outage:
- Airports
- Hospitals
- Government organizations
- Financial firms
- Media groups
- Retailers
- Delivery companies
- Manufacturers
- Delta Airlines
Delta Airlines is suing CrowdStrike over the outage, accusing the company of breach of contract and negligence. The airline alleges that CrowdStrike "caused a global catastrophe" by cutting corners and taking shortcuts in its testing and certification processes.
Featured Images: pexels.com


