Photo souce: Wikimedia Commons
Delta Air Lines has filed a lawsuit against CrowdStrike in Georgia, claiming breach of contract and negligence after a July outage that grounded 7,000 flights and affected millions of computers.
Unlike other airlines that managed to recover swiftly, Delta reported a staggering financial impact, estimating a revenue loss of USD $380 million alongside USD $170 million in additional costs. This disruption was triggered by a problematic software update affecting systems operating on Microsoft’s Windows platform.
In the wake of the incident, Delta retained attorney David Boies from Boies Schiller Flexner to seek damages from both CrowdStrike and Microsoft. The airline is pursuing compensation to cover its losses, as well as legal fees and punitive damages.
In its lawsuit, Delta contended that “CrowdStrike instigated a worldwide disaster by cutting corners, opting for shortcuts, and bypassing the very testing and certification protocols it promoted, all for its own gain.”
They further asserted that had CrowdStrike tested the flawed update on even one computer prior to its deployment, the failure would have been evident.
Despite having disabled automatic updates from CrowdStrike, Delta claimed that this particular update still reached their systems. The airline accused CrowdStrike’s Falcon software of creating and exploiting an unauthorised access point in Windows, which Delta asserted it would never have permitted.
Delta’s CEO Ed Bastian emphasised that “the chaos that ensued warrants full compensation.”
Meanwhile, CrowdStrike’s CEO George Kurtz has expressed regret over the incident and committed to revising company practices to prevent future occurrences. In August, the firm adjusted its annual forecasts downward due to a customer commitment package linked to the outage.
“While we sought a business resolution focused on our customers, Delta has opted for a different route. The allegations made by Delta are rooted in disproven misinformation, reveal a misunderstanding of contemporary cybersecurity, and represent a desperate effort to deflect responsibility for its sluggish recovery stemming from its outdated IT infrastructure,” stated by a representative from CrowdStrike via email.
Meanwhile, Microsoft has been engaged in discussions regarding potential enhancements with CrowdStrike and other endpoint security software providers during a summit held in September.