
Delta just sent a warning to CrowdStrike about the money it wants to use to cover losses from a massive outage

  • Delta Air Lines is seeking compensation from CrowdStrike and Microsoft for a software outage in July.

  • The outage forced Delta to cancel 6,000 flights, potentially costing the company between $350 million and $500 million.

  • CrowdStrike’s liability may be limited to refunds, making it unlikely that it will pay any significant compensation.

Delta Air Lines is preparing to collect money after a failure that plunged the world, including the airline, into chaos.

The carrier has hired prominent attorney David Boies to seek compensation from CrowdStrike and Microsoft for a July 19 computer glitch that forced Delta to cancel about 6,000 flights, CNBC reported Monday.

Boies represented Theranos founder Elizabeth Holmes, Al Gore in the 2000 presidential election, and the U.S. government in an antitrust case against Microsoft in 1998.

His law firm, Boies Schiller Flexner, and Delta did not respond to Business Insider’s requests for comment sent outside business hours.

While no lawsuit has been filed yet, Delta plans to seek damages from CrowdStrike and Microsoft, CNBC reported.

Delta’s stock price was little changed after the close of trading on Monday, while CrowdStrike’s shares fell 5.5% in after-hours trading.

Earlier this month, CrowdStrike disrupted businesses around the world after a bug in a software update from the cybersecurity firm led to thousands of Microsoft computer systems going offline.

Analysts estimate that Delta, one of the hardest-hit airlines, will suffer a loss of $350 million to $500 million in profit this quarter due to reputational damage and ticket refunds, Bloomberg reported last week.

Liability limited to refunds

But experts say Delta and its new legal team led by Boies may not be able to get much out of CrowdStrike.

The cybersecurity firm’s terms and conditions state that CrowdStrike does not have to pay out anything beyond a refund.

The conditions for CrowdStrike’s Falcon security software, which is used by companies and government agencies worldwide, limit liability to “fees.”

That means if companies like Delta were to sue for damages or lost revenue, CrowdStrike would only pay them the cost of the software, Elizabeth Burgin Waller, head of Cybersecurity & Data Privacy at Woods Rogers, told Business Insider earlier this month.

Even those hoping to seek compensation from CrowdStrike under proposed class action lawsuits may have little chance of success.

Mauricio Sanchez, senior director at technology research firm Dell’Oro Group, said CrowdStrike may not have to pay at all.

“While this is going to be a terrible summer for CrowdStrike lawyers as they defend themselves against clients with torches and pitchforks, I don’t think CrowdStrike will have to pay much, if any, in damages,” Sanchez told industry publication Fierce Network last week.

A recent case — this time involving a hack rather than a simple software update — sets a precedent for how big customers like Delta might fare in court.

In 2020, hackers breached the systems of Texas-based SolarWinds and added malicious code to the company’s software system. More than 30,000 customers unknowingly received software updates that contained the compromised code, leading to hackers spying on the company and government organizations.

Earlier this month, a U.S. judge dismissed most of a lawsuit filed by the Securities and Exchange Commission that accused SolarWinds of defrauding investors by concealing security flaws.

Sanchez said CrowdStrike has a good chance in court, given customer agreements favorable to CrowdStrike and SolarWinds’ significant leverage with the SEC.

Andrew Selbst, an assistant professor at UCLA School of Law, told Harvard Law Today last week that customers can sue the company for negligence, a common class action lawsuit.

“Ultimately, it’s hard to win,” he said.

Another consequence for CrowdStrike could be regulation, particularly from the Federal Trade Commission.

“The FTC has a practice of settling with these companies and holding them under consent decree for about 20 years,” Selbst said. “But with the FTC, you don’t get compensation or restitution for individual customers. It’s just a regulatory regime, and they get fines that are paid to the federal government.”

Read the original article on Business Insider