Delta files $500 million lawsuit against CrowdStrike following July outage
October 28, 2024
Delta Air Lines is suing CrowdStrike in the aftermath of a July service outage that caused global disruption and led the US carrier to cancel around 7,000 flights – believing the Texas-headquartered cybersecurity company “must ‘own’ the disaster it created” through its series of “intentional and grossly negligent acts”.
“On July 19, 2024, CrowdStrike forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash, while also preventing them from being able to restart,” clarified Delta in a filing to the state of Georgia’s Superior Court of Fulton County. With massive disruption felt by businesses, government agencies and other organisations worldwide, Delta estimates it suffered over $500 million in out-of-pocket losses from the faulty update (alongside reputational damage).
Delta alleges that CrowdStrike “caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised” – believing that CrowdStrike’s Falcon system and faulty update, installed onto Delta’s computers without its consent, constitute an intentional violation of the Fair Business Practices Act.
A CrowdStrike spokesperson refuted Delta’s claims, stating: “While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path. Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernise its antiquated IT infrastructure”.
A Delta spokesperson responded that “CrowdStrike has also conceded it failed to adhere to even basic industry-standard practices for IT updates, such as conducting a phased roll out and providing rollback capabilities. In fact, if CrowdStrike had tested this on even a single computer, that computer would have crashed”.
Aviation data analytics specialist Cirium has previously noted that the CrowdStrike IT outage “exposes the industry’s vulnerability due to its heavy dependence on technology,” with the incident underscoring the “urgent need for airlines to develop more resilient IT systems”. Over the 72-hour outage period, Cirium data suggested that around 4% of globally scheduled passenger flights were cancelled – with Delta, American Airlines, British Airways, Lufthansa and United Airlines amongst those facing the most severe disruption.