Delta Air Line on Friday sued the cybersecurity firm CrowdStrike following a global outage in July that resulted in widespread flight cancellations, disrupted travel plans for 1.3 million customers, and cost the airline over $500 million in losses.
The air line filed the lawsuit in the Georgia state’s Fulton County Superior Court where it described the faulty software update from CrowdStrike as “catastrophic,” and said that the firm forced the customers to do the untested and faulty updates. This caused over 8.5 million Microsoft Windows-based computers around the world to “crash.”
The July 19 incident led to worldwide flight cancellations and hit industries around the globe including banks, health care, media companies and hotel chains, according to Reuters.
CrowdStrike responded to the allegations late on Friday, stating, “Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
Delta, which has been a customer of CrowdStrike products since 2022, reported that the outage forced the cancellation of 7,000 flights and impacted 1.3 million passengers over a five-day period. The airline is seeking to recover over $500 million in out-of-pocket losses, as well as additional compensation for lost profits, expenditures, including attorneys’ fees, “reputational harm and future revenue loss.”
The incident has also prompted an investigation by the US Transportation Department. Delta’s lawsuit asserts, “If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed.” The airline further stated that because the faulty update could not be removed remotely, “CrowdStrike crippled Delta’s business and created immense delays for Delta customers.”
Delta emphasized that as part of its IT planning and infrastructure, it has invested billions of dollars “in licensing and building some of the best technology solutions in the airline industry.” CrowdStrike has questioned why Delta was more severely affected than other airlines and claimed minimal liability, which Delta has rejected.
Last month, Adam Meyers, a senior vice president at CrowdStrike, apologized before Congress for the faulty software update. Meyers explained that the company had released a content configuration update for its Falcon Sensor security software, which led to system crashes worldwide. He stated, “We are deeply sorry this happened and we are determined to prevent this from happening again.”
What happened on July 19
On July 19, a widespread technology disruption, seemingly connected to issues at global cybersecurity company CrowdStrike and Microsoft, has impacted various industries worldwide, including airports, airlines, financial institutions, and media outlets.
Numerous airports and airlines have been affected by the outage. Berlin airport suspended all flights until 10 a.m. (0800 GMT) due to a technical issue.
Spanish airport operator Aena reported a computer systems “incident” at all Spanish airports, potentially causing flight delays. Amsterdam’s Schiphol airport, a major European air transport hub, confirmed it was impacted by the global cyber outage and advised travelers to contact their airlines directly. KLM, the Netherlands’ flagship airline, suspended most of its operations, while its parent company, Air France, also experienced disruptions, Reuters reported.
Turkish Airlines encountered problems with ticketing, check-in, and booking due to the global technical issue. Major U.S. carriers, including American Airlines, Delta Airlines, and United Airlines, issued ground stops citing communication problems. SAS, Qantas, and Cathay Pacific also reported delays and technical difficulties.
The financial sector has also been impacted by the outage. Commonwealth Bank, Australia’s largest bank, reported that some customers were unable to transfer money. Several major oil and gas trading desks in London and Singapore struggled to execute trades. Macquarie Capital was unable to provide liquidity for unexpired warrants on HKEX due to technical problems. South Africa’s Capitec said card payments, ATM, and app services were fully restored following significant nationwide disruptions linked to CrowdStrike. LSEG Group’s Workspace news and data platform suffered an outage, causing disruption across financial markets.
Media outlets have also been affected. Sky News, a major British television news channel, went off air. Australia’s state broadcaster ABC experienced a “major network outage,” while regular programming at Sky News Australia was disrupted.
The outage has also impacted emergency services and healthcare. A health booking system used by doctors in England went offline. Several hospitals in the Netherlands had to scale down their operations. Victorian state police in Australia reported that some internal systems were affected, but emergency services were operating normally. Copenhagen’s fire department experienced problems receiving automatically transmitted fire alarms and urged people to call 112 in case of a fire.