ATLANTA — Delta Air Lines initiated a lawsuit against CrowdStrike on Friday, alleging that the cybersecurity firm had cut essential corners, resulting in a massive global technology failure that caused thousands of flight cancellations in July.
The airline is seeking both compensation and punitive damages due to the incident, which was triggered by a faulty update distributed to millions of Microsoft computers. Delta indicated that the failure severely disrupted its operations for several days, leading to losses exceeding $500 million from both lost revenue and additional operational costs.
While CrowdStrike has not responded directly to the suit, a representative for the company previously noted that other airlines managed to recover from the incident at a significantly quicker pace. This representative also accused Delta of presenting a misleading picture regarding its own response efforts.
The U.S. Department of Transportation is currently examining the delays in Delta’s recovery compared to other airlines. Transportation Secretary Pete Buttigieg mentioned that the department would investigate complaints about Delta’s customer service during the outage, including reports of prolonged waiting times for assistance and accounts of unaccompanied minors being left stranded in airports.
According to Delta’s lawsuit, the technology outage occurred as a result of CrowdStrike’s failure to adequately test the aforementioned update prior to its global release.
During this critical summer travel season, Delta ended up canceling roughly 7,000 flights over a span of five days. The incident also had broader implications, affecting banks, hospitals, and various other businesses.
Delta’s lawsuit states, “CrowdStrike caused a global catastrophe by taking shortcuts and bypassing the very testing and certification processes it promotes, all for its own gain.” The suit was filed in Fulton County Superior Court in Georgia, not far from Delta’s headquarters.
Following Delta’s legal action, CrowdStrike secured its own legal team to counter the claims. Michael Carlinsky, a lawyer for the cybersecurity firm, asserted that Delta has created a misleading narrative by placing the blame on CrowdStrike for its own IT management and the response to the outage. He further argued that CrowdStrike’s liability should be assessed at less than $10 million.