Delta officially launches lawyers at $500M CrowdStrike problem
Legal action comes months after alleging negligence by Falcon vendor
Delta Air Lines is suing CrowdStrike in a bid to recover the circa $500 million in estimated lost revenue months after the cybersecurity company "caused" an infamous global IT outage.
Delta, a major US carrier, was among the most vocal victims of the outage in July, reporting thousands of canceled flights which affected more than a million customers, and explored legal avenues to recoup the lost funds early on, hiring David Boies of Boies Schiller Flexner.
Delta had to cancel about 7,000 flights over the five-day period from July 19 to July 24 – a huge disruption hitting around 1.3 million customers and leading to multiple class-action lawsuits from affected passengers.
Earlier suggestions that the airline itself may seek to recover damages from both CrowdStrike and Microsoft are somewhat confirmed now a complaint against the former was filed in a Georgia state court on Friday.
Delta argues that CrowdStrike failed to properly test the Falcon sensor update that led to the widespread blue screen errors on many of its customers' systems.
"CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit," the lawsuit reads per AP News.
In response, CrowdStrike said Delta's claims were built on misinformation and that the airline's failure to modernize its dated IT infrastructure was the core reason why it took so long to recover from the outage.
"While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path," said a CrowdStrike spokesperson in a statement sent to The Register today.
"Delta's claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure."
Regarding Delta's allegedly aging IT kit, Microsoft made a similar accusation in response to Delta's threat of legal action against it in August, adding that the airline's suggestion that Windows was complicit in the outage was "false" and "misleading."
CrowdStrike's lawyer, Michael B Carlinsky, also previously noted that the security shop offered Delta free, on-site support to help the airline return to normal service. He said Delta rejected this offer and if the airline did go ahead with the litigation, then CrowdStrike would "respond aggressively."
Delta said this offer of help came too late, more than 65 hours after the initial incident took hold and after the point at which most of its critical systems were back online.
In a statement sent to The Register, the airline said:
"CrowdStrike committed a series of intentional and grossly negligent acts that caused the global IT outage on July 19, impacting 8.5 million computers.
"While CrowdStrike has sought to characterize its actions as simple learning opportunities, the reality is CrowdStrike took shortcuts, circumvented certifications, and intentionally created and exploited an unauthorized door within the Microsoft operating system through which it deployed the faulty update.
"CrowdStrike has also conceded it failed to adhere to even basic industry-standard practices for IT updates, such as conducting a phased roll out and providing rollback capabilities. In fact, if CrowdStrike had tested this on even a single computer, that computer would have crashed."
While Delta attempts to recover some lost revenue from CrowdStrike's pockets, it's also having to deal with the US Transportation Department's investigation into the incident and why the airline took days to recover.
- Microsoft punches back at Delta Air Lines and its legal threats
- Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late
- Uncle Sam opens probe into CrowdStrike turbulence at Delta Air Lines
- Administrators have update lessons to learn from the CrowdStrike outage
Delta was by far and away the hardest-hit airline in the US, despite other major carriers Allegiant Air, American Airlines, Frontier Airlines, Spirit Airlines, and United Airlines all reporting major issues.
Transportation Secretary Peter Buttigieg said at the time that the slow recovery was "unacceptable." Around 3,000 complaints were made against Delta including those from people forced to sleep on airport floors as they waited for their flight to be rescheduled. ®