CrowdStrike vs Delta: outage blame game to play out in court


It’s dueling lawsuits between CrowdStrike and Delta as the cybersecurity firm – whose faulty patch led to a worldwide outage of Microsoft Windows-run systems this summer – decides to counter the airline carrier’s own legal action, both filed on Friday.

Let the “blame games” begin. Crowdstrike said it has filed a lawsuit against Delta Airlines in Georgia courts in response to a lawsuit filed by Delta blaming the cybersecurity firm for the $500 million in losses it incurred because of the "catastrophic" IT outage.

“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path,” Crowdstrike said in a statement sent to Cybernews late Monday.

ADVERTISEMENT

“Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure,” CrowdStrike said.

A faulty software update, pushed through to hundreds of Crowdstrike customers without being tested on July 19th, was revealed as the reason behind the failure of 8.5 million computers running Windows OS, many of which were rendered inoperable for nearly a week.

The technical issues hit the banking, healthcare, and media industries and forced multiple air carriers around the world to ground flights, including United and American Airlines, as well as smaller US carriers, such as Spirit and Frontier.

CrowdStrike BSOD at Denver airport
The "blue screen of death" appears on overhead monitors at the Denver Airport during the CrowdStrike global IT outage. July 19th, 2024. Image by CLS Digital Arts | Shutterstock.

But Delta Airlines proved to be one the hardest hit of all carriers, causing roughly 7,000 flight cancellations over five days, and impacting travel for 1.3 million customers, Delta claims in the lawsuit filed on Friday in Fulton County District Court.

"If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed," the Delta lawsuit stated.

CrowdStrike: Delta refused help

CrowdStrike’s CEO George Kurtz, who was called to testify before Congress in September about the “blue screen of death” fiasco, has made it clear that his company should not have to pick up the $500 million tab Delta is trying to stick them with.

ADVERTISEMENT

In its countersuit, also filed on Friday, CrowdStrike is now seeking a declaratory judgment plus legal fees.

CrowdStrike also doubled down on its version of events, arguing that Delta had declined multiple offers from CrowdStrike and Microsoft tech experts to help the airline restore systems in the wake of its meltdown.

“We have filed for a declaratory judgment to make it clear that CrowdStrike did not cause the harm that Delta claims and they repeatedly refused assistance from both CrowdStrike and Microsoft. Any claims of gross negligence and willful misconduct have no basis in fact,” the CrowdStrike spokesperson told Cybernews.

Instead, the CrowdStrike lawsuit said Delta's recovery delays were a result of poor response protocols and technological deficiencies, and therefore the security firm is only minimally responsible for how things unfolded for the airline.

In August, CrowdStrike stated that any legal action by Delta only contributes to a “misleading narrative” pinning the cybersecurity firm as solely responsible for the airline’s troubles getting back online.

Although CrowdStrike said it had issued a software fix for its Falcon Sensor endpoint protection system within 78 minutes of the outage, many large organizations had tens of thousands of fried computers spread across the globe and struggled to quickly, and remotely, deploy the fixes across such vast networks, security experts explained at the time.

CrowdStrike offered many companies personal one on one support to help with recovery efforts.

Ernestas Naprys Gintaras Radauskas Niamh Ancell BW vilius
Don’t miss our latest stories on Google News
ADVERTISEMENT

Back in July, insurance industry analysts had estimated company losses from the outage could top over $1 billion.

The Atlanta-based airlines, which revealed its estimated $500 million price tag and intention to file the lawsuit in August, said CrowdStrike should not only be liable for $500 million in out-of-pocket losses, but should also have to pony up for lost profits, legal fees, reputational harm, and even future revenue loss.

According to Delta, it has invested billions of dollars in information technology licensing and infrastructure.

US Transportation Secretary Pete Buttigieg slammed Delta for the chaotic conditions at the time, holding the carrier to provide either prompt refunds or free rebooking, plus timely reimbursements for food and hotel stays to the customers affected by delays and cancellations.

The US Transportation Department has since opened its own investigation into the worldwide "Crowd Out."