Today I am doing a quick post to cover the recent CrowdStrike incident that is estimated to have disabled 8.5M computers and caused more than $5.4B in damages since last week.
Now a common questions is whether CrowdStrike will be liable for damages? The answer is most certainly yes. There is actually a very similar case that was brought to court a few years ago regarding the OVH incident, in France. While it applies to France, which is the jurisdiction I am the most familiar with, the same principles will apply to many other jurisdictions.
One quick note to clear a common misconception before we begin. Most contracts have boilerplate terms to waive liability, there is a common misconception that they may waive liability, however they do not. These terms have no meaning in most jurisdiction outside of the US and either way, it’s not possible to waive liability in most circumstances (e.g. anything involving gross negligence, criminal activities or going against the law itself).
OVH is a French datacenter and cloud provider, allegedly the largest hosting provider in Europe. They are most known for providing physical servers and virtual machines, as well as a variety of cloud services.