26 votes

CrowdStrike outage aftershocks cause Delta to cancel over 1,000 more flights

Topic removed by site admin

15 comments

  1. [14]
    burkaman

    I'm just waiting for CrowdStrike to get sued out of existence, I'm surprised it hasn't already started yet.

    3 votes
    1. [12]
      stu2b50

      What would it be sued for?

      1. [5]
        redwall_hp

        More likely there are established payouts they owe their customers. They undoubtedly have a Service Level Agreement that spells out monetary compensation they must pay for outages they cause. It's standard procedure for SaaS/PaaS.

        Similarly, Amazon has to pay up if AWS has an outage and causes the company I work for large amounts of lost revenue.

        Hypothetically, hospitals may have a case for negligence or at least breach of contract, given the nature of the outage. They were trusted to not break critical systems that have a direct effect on hospital capacity and risk to human life, and clearly cowboy-deployed changes without sufficient verification (on a Friday, too, seriously?), which demonstrably affect all Windows machines the software runs on, not just some subset. Automated integration tests could have and should have caught this.

        I bet some HIPAA and PCI compliance types would like to take a closer look at that. Basically running a glorified rootkit that pulls changes, bypassing any staged rollouts IT has in place, on machines that may be handling patient information or PCI data (e.g. credit card information) seems questionable. Having your compliance box-ticking software be an enormous hole in regulatory compliance isn't something companies tend to appreciate.

        9 votes
        1. [2]
          burkaman

          SLAs cover outages as you say, but they typically don't cover "you made every single computer my company owns simultaneously unusable." When AWS goes down, your employees can still use their computers to talk to each other and deal with the problem. That's why I think they'll be sued, because this incident goes far beyond a standard service outage.

          10 votes
          1. Eji1700

            Bingo. I don't know why anyone is asking what they'd be sued for. This is analogous to a cyber attack and GROSS negligence on the part of the company that pushed this update.

            It's not "a service outage". It's straight up taking down every single one of your machines. Entire departments could not work on ANYTHING because of this. It's not even close to covered by the standard SLA.

            2 votes
        2. [2]
          stu2b50

          Sure, but a) we don't know what contracts they have with customers, and what outs they have for themselves b) the actual amounts will be negotiated individually with each customer depending on their size and leverage c) this will never go to a lawsuit most likely.

          2 votes
          1. Eji1700

            I actually am well aware of what kind of contracts CrowdStrike has, and frankly I'll be shocked if this isn't litigated.

            6 votes
      2. [5]
        burkaman

        Financial damages to airlines and other companies affected by their negligence, and CrowdStrike shareholders will also probably try to sue them for their own losses as the stock price plunges.

        2 votes
        1. [4]
          stu2b50

          That's not really grounds to sue. Shareholders can try, but these fiduciary duty suits almost always go nowhere. Most likely it will end up entirely settled between CrowdStrike and their bigger clients. By the end of the year I'd guess their stock price will have fully recovered.

          3 votes
          1. [3]
            burkaman

            I agree shareholder lawsuits would be a stretch, but I still think some people will try. I just can't imagine large customers are going to be satisfied with just getting their money back or whatever additional concessions CrowdStrike is willing to volunteer, and this is such a clear case of negligence that I think some of them will try to sue. This was not an unavoidable type of bug, there are so many obvious, industry-standard steps that would have prevented this catastrophic outage that it really is shocking such a large company let it happen.

            1 vote
            1. [2]
              stu2b50

              Some could try, but unless they actually get to a settlement I wouldn't really count that as much of anything given the barrier to merely filing a suit is non-existent. I don't think any suits are going to get anywhere here. They'll be settled internally - no one in the corporate world likes making a stink when you don't have to.

              1. boxer_dogs_dance

                I've worked for corporate litigation firms for a number of years. I'm sure companies are waiting to see what the resulting damages look like and how cooperative CrowdStrike is, but they are going to want to recoup their costs one way or another.

      3. BeanBurrito

        Providing a defective product (update) that cost businesses money.

        I guess that would come down to the language in the contracts, if those businesses signed off on some risks, and if CrowdStrike was negligent in levels of testing that it might have been obligated to do.

    2. BeanBurrito

      I was just about to offer the same thought. I was wondering if any lawsuits started yet.