Delta Air Lines has filed a lawsuit against the IT security firm Crowdstrike in a bid to reclaim $500 million in losses it racked up following a massive operational meltdown the Atlanta-based carrier suffered in the wake of a failed update pushed to Microsoft-enabled computers by Crowdstrike in July.
The lawsuit, filed in a Fulton County court on Friday, accuses Crowdstrike of a “series of intentional grossly negligent acts” that caused a ‘blue screen of death’ on millions of computers using the Microsoft operating system worldwide.
The failed update affected hospitals, supermarkets, banks, and many other businesses that had relied on Crowdstrike to keep their systems secure from cyber hackers. Unlike nearly every other business affected by the outage, however, Delta struggled to recover, and issues dragged on for days.
By the time Delta had its systems back up and running, the airline had been forced to cancel more than 5,000 flights over a five-day period—nearly four times as many flights as American Airlines and United canceled during the same period combined.
Delta, however, continues to solely blame Crowdstrike for its operational meltdown and has demanded the company cover all of its losses stemming from the July 19 outage.
“While Crowdstrike has sought to characterize its actions as simple learning opportunities, the reality is Crowdstrike took shortcuts, circumvented certifications, and intentionally created and exploited an unauthorized door within the Microsoft operating system through which it deployed the faulty update,” the lawsuit alleges.
“Crowdstike has also conceded it failed to adhere to even basic industry-standard practices for IT updates, such as conducting a phased roll out and providing rollback capabilities. In fact, if Crowdstrike had tested this on even a single computer, that computer would have crashed.”
In late July, Delta brought in a top attorney to pursue damages against Crowdstrike if the company was unwilling to reach a settlement. CrowdStrike’s CEO George Kurtz later told CNBC that the company was hoping to meet with Delta and thrash out a resolution.
CrowdStrike admits that the update it automatically deployed on July 19 was inadvertently riddled with bugs that ‘bricked’ computers running Microsoft Windows or Azure.
Both Crowdstrike and Microsoft have, however, insinuated that the only reason that Delta was so badly affected by the outage was because it was using legacy IT systems and had failed to keep its infrastructure updated. Delta strenuously denies those allegations.
Delta said in an SEC filing earlier this year that the cost of customer refunds and compensation in the form of cash and SkyMiles payments stemming from the meltdown cost around $380 million.
Non-fuel expenses associated with the meltdown and recovery cost the airline an additional $170 million, driven by reimbursing passengers and crew members for hotel stays and other expenses.
However, the airline capped the losses at $500 million as it saved $50 million in fuel expenses due to all of the flights it canceled.
Delta is 90% at fault. Good luck recovering more than $10m from Crowdstrike. Delta needs to upgrade their ancient IT systems.
Modern IT systems at delta would have crashed anyways. The Crowdstike update operates at the operating system level. Backup computers are also affected.
Case & point: SWA runs old windows 3.1 and was unaffected.
So the claim that Delta failed to recover due to old IT is categorically false.