Inside The Delta Air Lines $500 Million Lawsuit Against CrowdStrike

Delta Air Lines claims, in a newly-filed lawsuit, that CrowdStrike was negligent in pushing through an update that crippled its systems, leading to an operational meltdown that cost the carrier $500 million. But CrowdStrike continues to mock Delta, insisting the Atalnta-based carrier is engaging in blame-shifting for its “antiquated IT infrastructure.”

Lawsuit: Delta Sues CrowdStrike For $500 Million, Seeking Massive Compensation For Meltdown

After threatening to sue, Delta has followed through and filed a lawsuit against CrowdStrike in Georgia State Court. As I typically do when discussing legal matters, I start with the complaint itself, which you can read here (36 pages long…). It’s a fascinating read, even as it get technical.

The gist of Delta’s complaint is that CrowdStrike failed to test its update and then pushed it without using adequate safeguard technology from Microsoft that would have caught it.

“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit. If CrowdStrike had tested the Faulty Update on even one computer before deployment, the computer would have crashed.”

Delta alleges that CrowdStrike pushed the upgrade through at the kernel level (i.e. the highest level of access to system resources) in order to bypass conventional safeguards and in so doing overstepped its legal and contractual limits. It’s suing CrowdStrike for nine counts:

Computer Trespass
Trespass to Personalty [i.e. movable property]
Breach of Contract
Intentional Misrepresentation/Fraud by Omission
Strict-Liability: Product Defect
Gross Negligence
Deceptive and Unfair Business Practices Act
Attorneys’ Fees
Punitive Damages

In addition to unspecified losses stemming from its diminished reputation, Delta counts up $380 million in lost pay and $170 million in compensation it attributes to the meltodwn, offset by $50 million in fuel savings as its aircraft sat idle, totaling $500 million.

But CrowdStrike is pushing back, arguing Delta’s “antiquated” infrastructure is to blame:

“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path. Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”

Maybe….but Southwest Airlines was the only carrier that really did not suffer at all from the meltodwn… because it is running software based on Windows 3.1 (talk about ancient…). It isn’t clear to me if the problem was that Delta’s system was too old…or too new.

In any case, this is going to be a messy and public battle.

image: Delta