Delta Air Lines claims, in a newly-filed lawsuit, that CrowdStrike was negligent in pushing through an update that crippled its systems, leading to an operational meltdown that cost the carrier $500 million. But CrowdStrike continues to mock Delta, insisting the Atalnta-based carrier is engaging in blame-shifting for its “antiquated IT infrastructure.”
Lawsuit: Delta Sues CrowdStrike For $500 Million, Seeking Massive Compensation For Meltdown
After threatening to sue, Delta has followed through and filed a lawsuit against CrowdStrike in Georgia State Court. As I typically do when discussing legal matters, I start with the complaint itself, which you can read here (36 pages long…). It’s a fascinating read, even as it get technical.
The gist of Delta’s complaint is that CrowdStrike failed to test its update and then pushed it without using adequate safeguard technology from Microsoft that would have caught it.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit. If CrowdStrike had tested the Faulty Update on even one computer before deployment, the computer would have crashed.”
Delta alleges that CrowdStrike pushed the upgrade through at the kernel level (i.e. the highest level of access to system resources) in order to bypass conventional safeguards and in so doing overstepped its legal and contractual limits. It’s suing CrowdStrike for nine counts:
- Computer Trespass
- Trespass to Personalty [i.e. movable property]
- Breach of Contract
- Intentional Misrepresentation/Fraud by Omission
- Strict-Liability: Product Defect
- Gross Negligence
- Deceptive and Unfair Business Practices Act
- Attorneys’ Fees
- Punitive Damages
In addition to unspecified losses stemming from its diminished reputation, Delta counts up $380 million in lost pay and $170 million in compensation it attributes to the meltodwn, offset by $50 million in fuel savings as its aircraft sat idle, totaling $500 million.
But CrowdStrike is pushing back, arguing Delta’s “antiquated” infrastructure is to blame:
“While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path. Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
Maybe….but Southwest Airlines was the only carrier that really did not suffer at all from the meltodwn… because it is running software based on Windows 3.1 (talk about ancient…). It isn’t clear to me if the problem was that Delta’s system was too old…or too new.
In any case, this is going to be a messy and public battle.
image: Delta
The entire episode shows how creaky DL’s IT platforms are. Crowdstrike was a debacle no doubt, but the rest of the industry got through it fairly quickly.
It is a premium lawsuit
It’s an uphill battle for DL as CRWD released transcripts that they were willing to provide support to DL for their debacle, which makes a lot of the accusations from DL moot on top of MSFT doubling down in their support for CRWD. There’s a reason why a lot of us hedged on CRWD despite the initial events.
But, some people here think that I can only be either black or on Wall Street and not both, so what do I know?
Many are waiting on the sidelines on this law suit. If Delta can demonstrate gross negligence, the rest of the CrowdStrike customers (airlines, banks, media, academia, retail, hotels, government, etc) will follow with their own lawsuits looking for their share of the pie. If I was any of the above, my attorneys would have a draft of a brief already prepared.
This could easily end up like the asbestos settlement fund, Catholic archdiocese lawsuits, and J&J talcum power settlement which are dragged out for years!! I understand there is a backstop amount in each contract. However, if I was CrowdStrike, I would be concerned!!