Delta Air Lines Inc. sued cybersecurity firm CrowdStrike Holdings Inc. over the chaos caused this summer by a “catastrophic” software update that disabled millions of computers worldwide and grounded much of the airline’s passenger fleet.
The update crippled Delta’s operations for days, forcing thousands of flight cancellations and delays that affected more than a million of its customers, the airline said in the suit.
CrowdStrike apologized publicly after the July 19 glitch shut down computers running the Microsoft Windows operating system. The disruption paralyzed airports, banks, stock exchanges and businesses around the world — and proved especially challenging for Delta, which struggled for days to return its flight schedule to normal. CrowdStrike has since announced wide-ranging changes to how it tests and deploys content updates.
Delta says the faulty update cost the airline at least $500 million in out-of-pocket losses — in addition to “severe harm to its reputation and goodwill,” according to the complaint, filed Friday in state court in Georgia.
CrowdStrike said in a statement that Delta’s claims are based on misinformation that “demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
The cybersecurity firm said it tried to reach an out-of-court resolution over the update, but “Delta has chosen a different path.”
Delta claims the software update was “forced” on the company — and wasn’t something its IT staff installed.
“These updates were pushed onto customers and their systems even when customers did not enable automatic update settings,” according to the complaint.
Delta’s claims against CrowdStrike include fraud, breach of contract, deceptive business practices and computer trespass.
CrowdStrike also faces investor litigation over the outage.