Delta Air Lines has filed a lawsuit against CrowdStrike, accusing the company of negligence and breach of contract.
The legal action follows a significant IT outage in July that affected millions of computers and resulted in the cancellation of approximately 7,000 Delta flights, severely disrupting its operations.
The airline claims a faulty software update deployed by CrowdStrike was responsible for the incident.
Delta’s Allegations Against CrowdStrike
The airline alleges CrowdStrike’s software update bypassed the airline’s disabled automatic updates. It also claims it exploited an unauthorized backdoor in Microsoft’s Windows operating system.
Delta claims the system crash and subsequent disruptions could have been avoided if CrowdStrike had adequately tested the update on even one computer before deploying it.
Delta argues that the company’s Falcon software compromised their IT infrastructure by introducing a vulnerability that led to extensive outages.
A statement from Delta said:
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit.”
Delta is looking for damages to cover its estimated $380 million loss in revenue, $170 million in additional costs, litigation expenses, and punitive damages.
Need Career Advice? Get employment skills advice at all levels of your career
Broader Impact and Recovery Efforts
Delta claims other airlines recovered from the IT incident more quickly than it did.
It says the slower recovery reflects the extent of the damage done by the flawed update.
After the incident, Delta hired renowned attorney David Boies of Boies Schiller Flexner to pursue legal action against CrowdStrike and Microsoft, seeking accountability for the disruptions.
In response to the incident, Delta CEO Ed Bastian emphasized the financial and operational impact.
He said:
“The havoc that was created deserves, in my opinion, to be fully compensated for.”
CrowdStrike’s Response and Contested Claims
CrowdStrike has refuted Delta’s allegations.
Lawyers argue the airline’s claims are based on misinformation and a lack of understanding of modern cybersecurity practices.
The company maintained its software updates were not responsible for Delta’s prolonged recovery. It suggests the airline’s outdated IT infrastructure contributed significantly to the crisis.
A spokesperson said:
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path.”
The company expressed regret over the incident and stated that it has committed to making necessary changes to prevent similar issues in the future.
The Broader Cybersecurity Landscape
The incident underscores the complex challenges facing companies in safeguarding their digital infrastructure, especially in critical sectors like aviation.
Microsoft has been involved in discussions with CrowdStrike and other cybersecurity firms to explore improvements and updates in its endpoint security practices.
This lawsuit also comes amid increasing scrutiny of cybersecurity measures by large organizations following a spate of high-profile cyberattacks targeting sensitive infrastructure and businesses.
As airlines become more reliant on integrated IT systems, disruptions such as these pose significant risks not only to operations but also to passenger trust and safety.
Looking Ahead: What’s Next?
As Delta and CrowdStrike prepare for a legal showdown, the case raises crucial questions about accountability and diligence in cybersecurity.
With millions of dollars at stake and both companies’ reputations on the line, the outcome of this lawsuit could set a precedent for future disputes involving software providers and their clients.
For now, Delta is pushing for a resolution that holds CrowdStrike accountable for the disruptions, while CrowdStrike continues to defend its practices and shift the focus to Delta’s aging IT systems.
Whatever the outcome, the aviation industry and cybersecurity sector alike will be closely watching as this high-stakes case unfolds.
