Delta Air Lines is suing CrowdStrike after the company’s security software faltered in July, causing 7,000 canceled flights and left fliers stranded across the globe.
Delta claims in its lawsuit that it took a $380 million loss and was forced to pay $170 million in costs resulting from the massive wave of flight cancelations due to the CrowdStrike outage.
CrowdStrike is security software that is used by many companies, government agencies, and transport entities like airlines.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit,” Delta said in its complaint that was filed in a Georgia court. “If CrowdStrike had tested the Faulty Update on even one computer before deployment, the computer would have crashed.”
The crash occurred after CrowdStrike issued an update in July. Even though Delta had reportedly disabled its auto-update feature, the issue still affected its computers. The lawsuit claims that CrowdStrike’s Falcon software created and then used a backdoor into Windows — bypassing the company’s decision to disable autoupdates — that it would not have allowed.
“The havoc that was created deserves, in my opinion, to be fully compensated for,” Delta CEO Ed Bastian told CNBC earlier in October.
George Kurtz, the CrowdStrike CEO, has apologized for the incident, but a company spokesperson told CNBC in an email that Delta’s claims are based on “misinformation.”
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path,”the spokesperson said. “Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
A lawyer for the tech company said in August that the CrowdStrike’s liability should be less than $10 million.
Michael Carlinsky, a CrowdStrike attorney, said in a letter sent in August to Delta lawyer David Boies that the airline’s then-threatened lawsuit “has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage.”
Carlinsky questioned why other airlines managed to recover from the outage faster, while Delta struggled. He said CrowdStrike had taken responsibility for its role in the cancellations, “while Delta did not.”