Delta Air Lines is suing CrowdStrike in a bid to recover the circa $500 million in estimated lost revenue months after the cybersecurity company “caused” an infamous global IT outage.
Delta, a major US carrier, was among the most vocal victims of the outage in July, reporting thousands of canceled flights which affected more than a million customers, and explored legal avenues to recoup the lost funds early on, hiring David Boies of Boies Schiller Flexner.
Delta had to cancel about 7,000 flights over the five-day period from July 19 to July 24 – a huge disruption hitting around 1.3 million customers and leading to multiple class-action lawsuits from affected passengers.
Earlier suggestions that the airline itself may seek to recover damages from both CrowdStrike and Microsoft are somewhat confirmed now a complaint against the former was filed in a Georgia state court on Friday.
Delta argues that CrowdStrike failed to properly test the Falcon sensor update that led to the widespread blue screen errors on many of its customers’ systems.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit,” the lawsuit reads per AP News.
In response, CrowdStrike said Delta’s claims were built on misinformation and that the airline’s failure to modernize its dated IT infrastructure was the core reason why it took so long to recover from the outage.
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path,” said a CrowdStrike spokesperson in a statement sent to The Register today.
“Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
Regarding Delta’s allegedly aging IT kit, Microsoft made a similar accusation in response to Delta’s threat of legal action against it in August, adding that the airline’s suggestion that Windows was complicit in the outage was “false” and “misleading.”
CrowdStrike’s lawyer, Michael B Carlinsky, also previously noted that the security shop offered Delta free, on-site support to help the airline return to normal service. He said Delta rejected this offer and if the airline did go ahead with the litigation, then CrowdStrike would “respond aggressively.”
Delta said this offer of help came too late, more than 65 hours after the initial incident took hold and after the point at which most of its critical systems were back online.
The airline didn’t immediately respond to our request for additional comment.
While Delta attempts to recover some lost revenue from CrowdStrike’s pockets, it’s also having to deal with the US Transportation Department’s investigation into the incident and why the airline took days to recover.
Delta was by far and away the hardest-hit airline in the US, despite other major carriers Allegiant Air, American Airlines, Frontier Airlines, Spirit Airlines, and United Airlines all reporting major issues.
Transportation Secretary Peter Buttigieg said at the time that the slow recovery was “unacceptable.” Around 3,000 complaints were made against Delta including those from people forced to sleep on airport floors as they waited for their flight to be rescheduled. ®