CrowdStrike and Delta Air Lines have filed lawsuits against each other over a July disruption that caused the airline to cancel 7,000 flights in less than a week and took down millions of computers worldwide.
Takeaway Points:
- Delta is requesting damages for an IT outage involving CrowdStrike’s security software that resulted in losses of over $500 million, as well as litigation expenses and punitive penalties.
- Despite turning off automated upgrades, the airline said CrowdStrike’s software bugs nevertheless made their way to its computers, causing thousands of flights to be cancelled and making recovery more difficult than it was for its rivals.
- CrowdStrike claimed in its lawsuit that the airline’s problems were caused by “Delta’s own incompetence.”
Delta and CrowdStrike open lawsuit
In a suit filed in Fulton County Superior Court in Georgia on Friday, Delta accused the security software vendor of breach of contract and negligence.
Other airlines recovered more quickly than Atlanta-based Delta, which said the incident reduced revenue by $380 million and brought $170 million in costs. The flawed software update affected computers running Microsoft’s Windows operating system.
Also on Friday, CrowdStrike filed a suit against Delta in U.S. District Court in Georgia over Delta’s blame of the tech company for the mass flight cancellations. CrowdStrike is seeking a court declaration that what it owes the airline is limited to what’s in its service agreement.
CrowdStrike said in its suit that “any damages suffered by Delta following the July 19 Incident are the result primarily of Delta’s own negligence.”
Delta said it plans to seek a dismissal of CrowdStrike’s suit.
“We believe this declaratory action and the alleged bases for federal jurisdiction are meritless,” the airline said.
The two companies had publicly traded blame over the flight cancellations in the weeks after the chaos.
Days after the outage, Delta hired David Boies of law firm Boies Schiller Flexner to seek damages from CrowdStrike and Microsoft. Delta asked for damages to cover its losses, along with litigation costs and punitive damages.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit,” Delta said in its complaint. “If CrowdStrike had tested the Faulty Update on even one computer before deployment, the computer would have crashed.”
Delta disabled CrowdStrike automatic updates
The airline had disabled automatic updates from CrowdStrike, but this one reached its computers anyway, the airline said in the suit. Delta claimed that CrowdStrike’s Falcon software created and exploited an unauthorized door in Windows that the airline said it never would have allowed.
“The havoc that was created deserves, in my opinion, to be fully compensated for,” Delta CEO Ed Bastian said in an interview earlier this month.
CrowdStrike CEO George Kurtz has apologized for the incident, and the company has committed to changing its practices to prevent similar events. In August, CrowdStrike lowered its full-year guidance because of a customer commitment package related to the outage.
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path,” a CrowdStrike spokesperson said in an email.
“Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
Microsoft discussed various potential enhancements with CrowdStrike and other endpoint security software sellers at a summit in September.