Delta sues CrowdStrike over software update that prompted flight disruptions

(Reuters) — Delta Air Lines on Friday sued cybersecurity company CrowdStrike in a Georgia state court after a global outage in July caused mass flight cancellations, disrupted the travel plans of 1.3 million customers and cost the carrier more than $500 million.

Delta’s lawsuit, filed in Fulton County Superior Court, called the faulty software update from CrowdStrike “catastrophic.” It said CrowdStrike “forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash.”

The July 19 incident led to worldwide flight cancellations and hit industries around the globe, including banks, health care providers, media companies and hotel chains.

“Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure,” CrowdStrike said late Friday.

Delta, which said it has purchased CrowdStrike products since 2022, said the outage forced it to cancel 7,000 flights.

Delta said CrowdStrike is liable for over $500 million in out-of-pocket losses as well as for an unspecified amount of lost profits and expenditures, including attorneys fees and “reputational harm and future revenue loss.”

The incident prompted the U.S. Transportation Department to open an investigation.

“If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed,” Delta’s lawsuit says. “Because the faulty update could not be removed remotely, CrowdStrike crippled Delta’s business and created immense delays for Delta customers.”