Delta Sues CrowdStrike Over IT Outage, Seeking Damages After Massive Flight Cancellations

Delta Air Lines has filed a lawsuit against cybersecurity firm CrowdStrike, accusing the company of breach of contract and negligence after a software outage in July led to a severe IT failure, grounding millions of computers and resulting in the cancellation of 7,000 flights. The widespread disruption caused significant financial losses for Delta, amounting to $380 million in reduced revenue and $170 million in related costs.

The issue arose from a flawed software update that affected computers running Microsoft’s Windows operating system. While other airlines managed to recover from the outage more quickly, Delta struggled, prompting the Atlanta-based airline to take legal action. In addition to CrowdStrike, Delta has also included Microsoft in its lawsuit, seeking compensation for its losses, as well as punitive damages and litigation costs. Delta had retained prominent lawyer David Boies of Boies Schiller Flexner to lead the legal battle.

Delta’s complaint alleges that CrowdStrike’s software update caused a “global catastrophe” by circumventing crucial testing and certification processes. The airline claimed that if the update had been tested on just one computer, the issue could have been avoided. Delta also accused CrowdStrike of exploiting an unauthorized vulnerability in Windows, allowing the update to reach the airline’s systems despite disabling automatic updates from the software vendor.

CrowdStrike CEO George Kurtz has publicly apologized for the incident and stated that the company is committed to preventing future occurrences. However, in response to the lawsuit, a CrowdStrike spokesperson denied Delta’s accusations, stating the airline’s claims are based on misinformation and reflect a misunderstanding of modern cybersecurity practices. The spokesperson also suggested that Delta’s IT recovery was delayed due to its outdated infrastructure, not solely because of the software failure.