Delta sues CrowdStrike after widespread IT outage that caused thousands of cancellations

Delta sues CrowdStrike after widespread IT outage that caused thousands of cancellations

Delta Air Lines planes are seen at John F. Kennedy International Airport on the July 4th weekend in Queens, New York City, U.S., July 2, 2022. 

Andrew Kelly | Reuters

Delta Air Lines on Friday filed a lawsuit against CrowdStrike in Georgia, accusing the security software vendor of breach of contract and negligence after an outage in July that brought down millions of computers and prompted 7,000 flight cancelations.

Other airlines recovered more quickly than Atlanta-based Delta, which said the incident reduced revenue by $380 million and brought $170 million in costs. The flawed software update affected computers running Microsoft’s Windows operating system.

Days after the outage, Delta hired David Boies of law firm Boies Schiller Flexner to seek damages from CrowdStrike and Microsoft. Delta asked for damages to cover its losses, along with litigation costs and punitive damages.

“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit,” Delta said in its complaint. “If CrowdStrike had tested the Faulty Update on even one computer before deployment, the computer would have crashed.”

Delta had disabled automatic updates from CrowdStrike but this one reached its computers anyway, the airline said in the suit. Delta claimed that CrowdStrike’s Falcon software created and exploited an unauthorized door in Windows that the airline said it never would have allowed.

“The havoc that was created deserves, in my opinion, to be fully compensated for,” Delta CEO Ed Bastian told CNBC in an interview earlier this month.

A CrowdStrike representative didn’t immediately respond to a request for comment. CEO George Kurtz has apologized for the incident, and the company has committed to changing its practices to prevent similar events. In August, CrowdStrike lowered its full-year guidance because of a customer commitment package related to the outage.

Microsoft discussed various potential enhancements with CrowdStrike and other endpoint security software sellers at a summit in September.

WATCH: Delta fires back at CrowdStrike, says outage cost $380 million in revenue

Delta fires back at CrowdStrike, says outage cost $380 million in revenue