- Delta is seeking damages to cover more than $500 million in losses, along with legal costs and punitive damages, following an IT outage involving CrowdStrike’s security software.
- The airline, which has canceled thousands of flights, said CrowdStrike’s software bugs reached computers even though it had disabled automatic updates.
Delta Airlines filed a lawsuit against CrowdStrike in Georgia, accusing the security software provider of breach of contract and negligence after a July outage that shut down millions of computers and led to 7,000 flight cancellations.
Other airlines recovered faster than Atlanta-based Delta the incident reduced sales by $380 million and incurred $170 million in costs. The flawed software update affected computers running Microsoft’s Windows operating system.
Days after the outage, Delta hired David Boies from law firm Boies Schiller Flexner to seek damages from CrowdStrike and Microsoft. Delta asked for damages to cover its losses, along with legal costs and punitive damages.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the testing and certification processes it advertised for its own benefit and profit,” Delta said in its complaint. “If CrowdStrike had tested the faulty update on even one computer before deploying it, the computer would have crashed.”
Delta had disabled CrowdStrike’s automatic updates, but it still reached the computers, the airline said in the lawsuit. Delta alleged that CrowdStrike’s Falcon software created and exploited an unauthorized door in Windows that the airline said it would never have allowed.
“The devastation that has been caused, in my opinion, deserves to be fully compensated,” Delta CEO Ed Bastian told CNBC in a statement interview earlier this month.
CEO George Kurtz has apologized for the incident and the company has committed to changing its practices to prevent similar occurrences. In August CrowdStrike reduced full-year expectations were scrapped due to a package of customer commitments related to the outage.
“While we strived to achieve a customer-first business solution, Delta has chosen a different path,” a CrowdStrike spokesperson told CNBC in an email. “Delta’s claims are based on debunked disinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for the slow recovery to its inability to modernize aging IT infrastructure. ”
Microsoft has discussed several potential improvements with CrowdStrike and other endpoint security software vendors at a summit in September.
WATCH: Delta is firing back at CrowdStrike, saying the outage has cost it $380 million in revenue
Leave a Reply