Delta Air Lines sues CrowdStrike over global summer Windows outage

American airline Delta Air Lines has filed a lawsuit against antivirus software developer CrowdStrike over a massive outage that occurred in July. The failure led to massive flight cancellations and multimillion-dollar losses for the airline.

Image Source: Wesley Tingey/Unsplash

According to CNBC, Delta is accusing CrowdStrike of breach of contract and negligence, resulting in the cancellation of 7,000 flights, the disruption of millions of computers, a loss of $380 million in revenue and $170 million in losses. The outage affected computers running the Windows operating system from Microsoft.

To protect its interests, Delta hired renowned attorney David Boies of the law firm Boies Schiller Flexner. The company is seeking damages from CrowdStrike and Microsoft, including legal costs and punitive damages. The lawsuit alleges that “CrowdStrike caused a global disaster because it resorted to subterfuge and bypassed testing and certification processes for its own benefit and profit.” Delta noted that if CrowdStrike had tested its update on at least one computer before deploying it to millions of computers, the disaster could have been avoided.

Image Source: CrowdStrike

The company also stated that although it had disabled automatic updates from CrowdStrike, the update still made it to their computers. That is, CrowdStrike’s Falcon software independently created and exploited unauthorized access to Windows and installed an update without permission. Delta CEO Ed Bastian told CNBC, “The chaos that was created, in my opinion, deserves full compensation.”

Image source: Microsoft

George Kurtz, CEO of CrowdStrike, apologized for the incident and promised to prevent similar events in the future. A CrowdStrike spokesperson said in an email to CNBC that Delta’s claims “…are based on debunked misinformation and demonstrate a lack of understanding of how modern cybersecurity works.” According to him, this is “a desperate attempt to shift the blame for the airline’s outdated IT infrastructure to others.”

It’s worth noting that at a conference in Washington in September, Microsoft discussed various potential improvements with CrowdStrike and other cybersecurity software providers to avoid similar incidents in the future.