Thought Leadership
The American airline Delta Air Lines filed a lawsuit against the cyber security service provider CrowdStrike in the Superior Court of the state of Georgia on Friday. The reason for this is the serious mishap in July, which led to massive flight cancellations and, according to the company, caused damage of more than 500 million dollars.
At the center of the legal dispute is the faulty software update, which Delta describes as “catastrophic”. The accusation is serious: CrowdStrike delivered “untested and faulty updates” to its customers, which led to the crash of more than 8.5 million Microsoft Windows computers worldwide. The effects were far-reaching: not only airlines, but also banks, healthcare facilities, media companies and hotel chains were affected.
The scale of the disruption was considerable. Delta had to cancel around 7,000 flights over a period of five days, disrupting the travel plans of 1.3 million passengers. The company, which has been a customer of CrowdStrike since 2022, is now not only claiming direct losses of over 500 million dollars, but is also seeking damages for loss of profits, legal fees, reputational damage and future loss of revenue: “If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed,” Delta’s lawsuit states. “Because the faulty update could not be removed remotely, CrowdStrike crippled Delta’s business and created immense delays for Delta customers.”
Dispute sparked over responsibility
CrowdStrike firmly rejects the allegations. In a statement released late on Friday, the company described Delta’s accusations as based on “disproven misinformation”. The cyber security specialist also accuses the airline of having no understanding of modern cyber security and of trying to deflect blame for the slow recovery of operations from its own outdated IT infrastructure.
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path. Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
CrowdStrike in an official statement
Last month, a high-ranking CrowdStrike manager apologized to the US Congress for the incident. Adam Meyers, Senior Vice President of the company, admitted that a faulty configuration update for the Falcon sensor security software had led to the worldwide system crashes.
Setting a precedent for the industry
The case has also attracted the attention of the US Transportation Security Administration, which has launched an investigation. In its statement of claim, Delta emphasizes that the company has invested billions in its IT infrastructure and has built “some of the best technology solutions in the airline industry.”
The case clearly shows how heavily airlines depend on their computer technology today. Experts expect this legal dispute to point the way forward – especially when it comes to who bears responsibility for major IT breakdowns.
