Delta sues CrowdStrike over software update that prompted mass flight disruptions
Cybersecurity firm CrowdStrike sued after ‘forcing untested and faulty updates on its customers’
27 October 2024 - 14:21
byDavid Shepardson
Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Washington — Delta Air Lines on Friday sued cybersecurity firm CrowdStrike in a Georgia state court after a global outage in July caused mass flight cancellations, disrupted travel plans of 1.3 million customers and cost the carrier more than $500-million.
Delta’s lawsuit filed in Fulton County Superior Court called the faulty software update from CrowdStrike “catastrophic” and said the firm “forced untested and faulty updates on its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash.”
The July 19 incident led to worldwide flight cancellations and hit industries around the globe including banks, health care, media companies and hotel chains.
“Delta’s claims are based on disproved misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernise its antiquated IT infrastructure,” CrowdStrike said late on Friday.
Delta, which said it had purchased CrowdStrike products since 2022, said the outage forced it to cancel 7,000 flights, affecting 1.3 million passengers over five days.
Delta said CrowdStrike was liable for over $500-million in out-of-pocket losses as well as for an unspecified amount of lost profits, expenditures, including attorneys’ fees and “reputational harm and future revenue loss.”
The incident prompted the US Transportation Department to open an investigation.
“If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed,” Delta’s lawsuit said. “Because the faulty update could not be removed remotely, CrowdStrike crippled Delta’s business and created immense delays for Delta customers.”
Delta said that as part of its IT-planning and infrastructure, it had invested billions of dollars “in licensing and building some of the best technology solutions in the airline industry.” CrowdStrike has questioned why Delta fared so much worse than other airlines and said it has minimal liability, something Delta rejected.
Last month, a senior executive at CrowdStrike apologised before Congress for the faulty software update.
Adam Meyers, a senior vice-president at CrowdStrike, said the company released a content configuration update for its Falcon Sensor security software that resulted in system crashes worldwide. “We are deeply sorry this happened and we are determined to prevent this from happening again,” Meyers said.
Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Delta sues CrowdStrike over software update that prompted mass flight disruptions
Cybersecurity firm CrowdStrike sued after ‘forcing untested and faulty updates on its customers’
Washington — Delta Air Lines on Friday sued cybersecurity firm CrowdStrike in a Georgia state court after a global outage in July caused mass flight cancellations, disrupted travel plans of 1.3 million customers and cost the carrier more than $500-million.
Delta’s lawsuit filed in Fulton County Superior Court called the faulty software update from CrowdStrike “catastrophic” and said the firm “forced untested and faulty updates on its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash.”
The July 19 incident led to worldwide flight cancellations and hit industries around the globe including banks, health care, media companies and hotel chains.
“Delta’s claims are based on disproved misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernise its antiquated IT infrastructure,” CrowdStrike said late on Friday.
Delta, which said it had purchased CrowdStrike products since 2022, said the outage forced it to cancel 7,000 flights, affecting 1.3 million passengers over five days.
Delta said CrowdStrike was liable for over $500-million in out-of-pocket losses as well as for an unspecified amount of lost profits, expenditures, including attorneys’ fees and “reputational harm and future revenue loss.”
The incident prompted the US Transportation Department to open an investigation.
“If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed,” Delta’s lawsuit said. “Because the faulty update could not be removed remotely, CrowdStrike crippled Delta’s business and created immense delays for Delta customers.”
Delta said that as part of its IT-planning and infrastructure, it had invested billions of dollars “in licensing and building some of the best technology solutions in the airline industry.” CrowdStrike has questioned why Delta fared so much worse than other airlines and said it has minimal liability, something Delta rejected.
Last month, a senior executive at CrowdStrike apologised before Congress for the faulty software update.
Adam Meyers, a senior vice-president at CrowdStrike, said the company released a content configuration update for its Falcon Sensor security software that resulted in system crashes worldwide. “We are deeply sorry this happened and we are determined to prevent this from happening again,” Meyers said.
Reuters
CrowdStrike exec apologises to US legislators for disastrous software glitch
CrowdStrike earnings to reveal fallout from global Windows outage
KHADEEJA BASSIER: Flexibility is our superpower in a glitchy world
ARTHUR GOLDSTUCK: Old-style switchboards a thing of the past as customers demand AI-driven digital communications systems
STEPHEN OSLER: CrowdStrike outage — a wake-up call for the cybersecurity industry
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Most Read
Related Articles
CrowdStrike exec apologises to US legislators for disastrous software glitch
CrowdStrike earnings to reveal fallout from global Windows outage
Delta Air takes legal route over CrowdStrike outage
KHADEEJA BASSIER: Flexibility is our superpower in a glitchy world
Published by Arena Holdings and distributed with the Financial Mail on the last Thursday of every month except December and January.