Microsoft has blasted Delta Air Lines in a leaked letter sent by the IT giant’s external lawyers in which they accuse the Atlanta-based carrier of ignoring offers of help from senior leaders, including Microsoft CEO Satya Nadella, and of using antiquated technology which resulted in a major operational meltdown.
Delta CEO Ed Bastian has vowed to pursue legal claims against Microsoft and IT security services firm CrowdStrike following a failed software update on July 19 that knocked out tens of thousands of Microsoft Windows-powered computers around the world.
Banks, supermarkets, and airlines were impacted by the outage, but unlike its peers and rivals, Delta struggled to recover once the software bug was fixed the same day. What turned into manageable incidents for every other airline snowballed into a major days-long operational meltdown for Delta.
Delta estimates that it has accrued losses of as much as $500 million due to the meltdown, but the airline has refused to accept any blame and has demanded that CrowdStrike and Microsoft cover all of its costs.
The letter sent by Microsoft’s attorney, however, paints a very different picture in which Delta repeatedly refused assistance from Microsoft, including from senior Microsoft leaders who attempted, unsuccessfully, to reach out to their counterparts at Delta.
In fact, on July 24, Microsoft CEO Satya Nadella personally reached out to Bastian to see whether Microsoft could offer any support to the troubled airline. Nadella has never received a response from Bastian, and it turns out the email was likely sent while Bastian was jetting off to Paris to attend the Olympic Games.
“Let me say first that Microsoft empathizes with Delta and its customers regarding the impact of the CrodStrike incident. But your letter and Delta’s public comments are incomplete, false, misleading, and damaging to Microsoft and its reputation,” the damning letter starts.
The letter continues: “The truth is very different from the false picture you and Delta have sought to paint:
Even though Microsoft’s software had not caused the CrowdStrike incident, Microsoft immediately jumped in and offered to assist Delta at no charge following the July 19 outage.
Each day that followed, from July 19 through July 21, Microsoft employees repeated their offers to help Delta. Each time, Delta turned down Microsoft’s offers to help, even though Microsoft would not have charged Delta for this assistance.
On the evening of July 22, a Microsoft employee, aware that Delta was having more difficulty than any other airline, messaged a Delta employee to say, ‘just checking in and no pressure to reply, but if you can think of anything you Microsoft team can be helping with today, just say the word.’ The Delta employee replied ‘all good. Cool will let you know and thank you’. Despite this assessment that things were ‘all good’, public reports indicate that Delta canceled more than 1,100 flights on July 22 and more than 500 flights on July 23.
More senior Microsoft executives also repeatedly reached out to help their counterparts at Delta with similar results. Among others, on Wednesday, July 24, Microsoft CEO Satya Nadella emailed Delta CEO Ed Bastian, who has never replied.”
Microsoft’s criticism of Delta does not, however, stop at the airline’s refusal to accept help from Microsoft. Instead, the letter goes on to accuse Delta of failing to invest in a modern IT infrastructure that could have prevented the spectacular meltdown that stranded tens of thousands of passengers for days on end.
In fact, Microsoft believes the system that even Delta admits was responsible for the meltdown isn’t run on its operating system but is actually a legacy IBM system.
Blasting the airline over its failure to invest in its IT system, the letter continues:
“In fact, it is rapidly becoming apparent that Delta likely refused Microsoft’s help because the IT system it was most having trouble restoring – its crew-tracking and scheduling system – was being serviced by other technology providers, such as IBM, because it runs on those providers systems and no Microsoft Windows or Azure.
Microsoft continues to investigate the circumstances surrounding the CrowdStrike incident to understand why other airlines were able to restore business operations so much faster than Delta, including American Airlines and United Airlines. Our preliminary review suggests that Delta, unlike its competitors, apparently has not modernized its IT infrastructure, either for the benefit of its customers or for its pilots and flight attendant.
Given all this, my client was surprised to see your letter. This is particularly so given that CrowdStrike has acknowledged responsibility for the content update that caused the July 19 incident.”
CrowdStrike has accepted that a bug in a routine software update caused Microsoft-powered computers to crash, but the company believes that its liability for the damage incurred at Delta should be limited to the single-digit millions of dollars.
The letter accuses Delta of making “false and damaging public statements” about the meltdown and says Microsoft “will vigorously defend itself in any litigation if Delta chooses to pursue that path”.
In ending, Microsoft’s attorney has demanded Delta preserve what could be key evidence in any potential court battle, including evidence of what legacy IT systems the airline still uses.
With a major public relations crisis looming, a spokesperson for Delta responded to Microsoft’s claims, saying: “Delta has a long track record of investing in safe, reliable and elevated service for our customers and employees. Since 2016, Delta has invested billions of dollars in IT capital expenditures, in addition to the billions spent annually in IT operating costs.”
The rest of the letter continued:
“As you know, Windows is an open platform that supports a vibrant ecosystem of programs, including built-in and first-party solutions and additional options for third-party developers, such as CrowdStrike. To ensure that Microsoft’s customers have options for the best possible protection from malicious attacks, Windows enables trusted third-party developers to develop kernel drivers in addition to user mode drivers. Security programs are able to use the kernel-mode drivers to protect the Windows system in the startup process. Third-party programs that utilise kernel drivers must balance security against resilience, and Microsoft provides feedback and best practices to third-party security program developers through Microsoft’s Virus Initiative.
Given Delta’s false and damaging public statements, Microsoft will vigorously defend itself in any litigation if Delta chooses to pursue that path. Further, Microsoft demands that Delta preserve (a) the documents CrowdStrike demanded that you preserve, as well as (b) documents discussing or referring to (i) the CrowdStrike incident and Delta’s outage, including Delta’s efforts and experience in returning to working order its systems, including its crew-tracking and scheduling system, and systems that use other third-party technology providers; (ii) the extent to which non Microsoft-systems or software, including systems provided and/or designed by IBM, Oracle, Amazon Web Services, Kyndryl or others, and systems using other operating systems, such as Linux, contributed to the interruption of Delta’s business operations between July 19 and July 24; (iii) the decision to deploy CrowdStrike across the various different systems comprising Delta’s computer infrastructure; and (iv) Delta’s communications with third-party media and/or public affairs consultants concerning the CrowdSteike incident and Delta’s outage, and concerning Delta’s communications strategy and/or public response. Such documents include both communications internally and externally, with third parties.”
