Delta sues cybersecurity firm CrowdStrike over tech outage that canceled flights

Business

ATLANTA — Delta Air Lines sued CrowdStrike on Friday, claiming the cybersecurity company had cut corners and caused a worldwide technology outage that led to thousands of canceled flight in July.

The airline is asking for compensation and punitive damages from the outage, which started with a faulty update sent to several million Microsoft computers. Delta said the outage crippled its operations for several days, costing more than $500 million in lost revenue and extra expenses.

CrowdStrike did not immediately comment, but a lawyer representing the company pointed out this summer that other airlines had recovered from the outage much more quickly, and said that Delta was being misleading about its response.

The U.S. Department of Transportation is investigating why Delta took longer to recover than other carriers. Transportation Secretary Pete Buttigieg said the department would look into complaints about Delta customer service during the outage, including long waits for help and reports that unaccompanied minors were stranded at airports.

In its lawsuit, Delta claims that the outage occurred because CrowdStrike failed to test the update before rolling it out worldwide.

Delta canceled about 7,000 flights over a five-day period during the peak summer vacation season. The outage also affected banks, hospitals and other businesses.

“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit,” Delta said in the lawsuit, which was filed in Fulton County Superior Court in Georgia, near the company’s headquarters.

After Delta hired a lawyer to pursue a claim, CrowdStrike hired its own legal advisers and struck back. A lawyer for the tech firm, Michael Carlinsky, said Delta “has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage.” Carlinsky said CrowdStrike’s liability should be less than $10 million.

Leave a Reply

Your email address will not be published. Required fields are marked *