On October 25, Delta Air Lines filed a lawsuit against cybersecurity company CrowdStrike in Georgia, accusing the firm of causing a global outage in July that led to mass flight cancellations and significant financial losses.
The outage, triggered by what Delta claims was a faulty software update, impacted millions of Windows-based systems worldwide. The disruption forced the Atlanta-based airline to cancel 7,000 flights, impacting the travel plans of 1.3 million passengers.
The financial fallout reportedly cost Delta over $500 million, with $380 million attributed to revenue loss and an additional $170 million in incurred costs.
The Impact and Delta Airlines’ Legal Argument
According to Delta’s filing in Fulton County Superior Court, CrowdStrike’s untested update had a “catastrophic” effect on Delta’s operations, leading to prolonged disruptions.
Delta has filed suit against Crowdstrike for the July outage. $DAL pic.twitter.com/lZpnCS9Zbi
— Edward Russell (@ByERussell) October 25, 2024
Although other airlines managed to recover quickly, Delta reported slower progress, attributing this to the software flaw.
Delta argues that CrowdStrike’s software failure undermined the company’s massive investment in IT infrastructure. The company alleges it neglected proper testing before deploying the update.
The lawsuit seeks over $500 million in compensation for out-of-pocket losses, as well as future revenue loss and reputational damage.
The July 19 outage impacted the airline industry severely. But, it also extended to banks, healthcare providers, media outlets, and hotel chains globally.
Delta has been a customer of CrowdStrike since 2022, relying on its cybersecurity solutions.
However, Delta contends that CrowdStrike should bear responsibility for the disruption, noting that a properly tested update could have prevented the incident.
Delta hired high-profile attorney David Boies to lead its legal battle and recover its losses.
CrowdStrike’s Response and Ongoing Debate
CrowdStrike, on the other hand, disputes Delta’s claim, attributing the airline’s slow recovery to its outdated IT infrastructure rather than the faulty update alone.
CrowdStrike CEO George Kurtz has publicly apologized, acknowledging the incident’s impact and pledging to implement preventive measures.
Today was not a security or cyber incident. Our customers remain fully protected.
We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can…
— George Kurtz (@George_Kurtz) July 19, 2024
The company also announced a financial commitment package to affected clients, which led to a lowered full-year guidance.
In response to Delta’s lawsuit, CrowdStrike emphasized its commitment to continuous improvement but questioned why Delta was more severely impacted than other organizations.