Delta Air Lines claims, in a newly-filed lawsuit, that CrowdStrike was negligent in pushing through an update that crippled its systems, leading to an operational meltdown that cost the carrier $500 million. But CrowdStrike continues to mock Delta, insisting the Atalnta-based carrier is engaging in blame-shifting for its “antiquated IT infrastructure.”
Lawsuit: Delta Sues CrowdStrike For $500 Million, Seeking Massive Compensation For Meltdown
After threatening to sue, Delta has followed through and filed a lawsuit against CrowdStrike in Georgia State Court. As I typically do when discussing legal matters, I start with the complaint itself, which you can read here (36 pages long…). It’s a fascinating read, even as it gets technical.
The gist of Delta’s complaint is that CrowdStrike failed to test its update and then pushed it without using adequate safeguard technology from Microsoft that would have caught it.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit. If CrowdStrike had tested the Faulty Update on even one computer before deployment, the computer would have crashed.”
Delta alleges that CrowdStrike pushed the upgrade through at the kernel level (i.e. the highest level of access to system resources) in order to bypass conventional safeguards and in so doing overstepped its legal and contractual limits. It’s suing CrowdStrike for nine counts:
- Computer Trespass
- Trespass to Personalty [i.e. movable property]
- Breach of Contract
- Intentional Misrepresentation/Fraud by Omission
- Strict-Liability: Product Defect
- Gross Negligence
- Deceptive and Unfair Business Practices Act
- Attorneys’ Fees
- Punitive Damages
In addition to unspecified losses stemming from its diminished reputation, Delta counts up $380 million in lost pay and $170 million in compensation it attributes to the meltodwn, offset by $50 million in fuel savings as its aircraft sat idle, totaling $500 million.
But CrowdStrike is pushing back, arguing Delta’s “antiquated” infrastructure is to blame:
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path. Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
Maybe….but Southwest Airlines was the only carrier that really did not suffer at all from the meltodwn… because it is running software based on Windows 3.1 (talk about ancient…). It isn’t clear to me if the problem was that Delta’s system was too old…or too new.
In any case, this is going to be a messy and public battle.
image: Delta
The entire episode shows how creaky DL’s IT platforms are. Crowdstrike was a debacle no doubt, but the rest of the industry got through it fairly quickly.
It is a premium lawsuit
It’s an uphill battle for DL as CRWD released transcripts that they were willing to provide support to DL for their debacle, which makes a lot of the accusations from DL moot on top of MSFT doubling down in their support for CRWD. There’s a reason why a lot of us hedged on CRWD despite the initial events.
But, some people here think that I can only be either black or on Wall Street and not both, so what do I know?
Many are waiting on the sidelines on this law suit. If Delta can demonstrate gross negligence, the rest of the CrowdStrike customers (airlines, banks, media, academia, retail, hotels, government, etc) will follow with their own lawsuits looking for their share of the pie. If I was any of the above, my attorneys would have a draft of a brief already prepared.
This could easily end up like the asbestos settlement fund, Catholic archdiocese lawsuits, and J&J talcum power settlement which are dragged out for years!! I understand there is a backstop amount in each contract. However, if I was CrowdStrike, I would be concerned!!
It can’t. CrowdStrike will just go bankrupt after one or two lawsuits, and the contender will fight among themselves over what little cash is left.
Can you please share the link to the complaint ? Seems there is no hyperlink in the article
Added.
Fantastic, thank you !
Someone in CrowdStrike’s legal team had better start proofreading its written materials. “Delta’s claims are based on disproven misinformation”. I would assume it meant to say “proven misinformation” otherwise it is shooting itself in the foot (or another piece of anatomy).
If Delta was the only company affected by this poorly executed update, then I’d say that Crowdcrap would win. Delta’s software, ancient though it is, worked just fine…UNTIL…Much of large corporations have proprietary software. They wouldn’t be anxious to share the details of their software, preferring to fix it themselves. In this instance, airlines, hospitals, banks, stock trading, etc. all over the world were affected by this slipshod and very costly mistake caused by Crowdcrap. For Delta, though, I hope this is a wake up call to their massive IT department to bring the offending software into the 21st century. For all companies, this should be a wake up call that Crowdcrap/Microsoft 365 combination became a single point of failure! You can best believe that Delta’s top management won’t let this happen again!