Delta Air Lines is currently embroiled in a legal battle with CrowdStrike following a severe outage earlier this year that cost the airline an estimated $500 million in revenue. The outage, caused by a defective threat intelligence update for the CrowdStrike Falcon Sensor, led to widespread disruption across various industries, including airlines, healthcare providers, and businesses.
After investigating the issue, CrowdStrike revealed that a bug in the memory scanning prevention policy went unnoticed during testing, ultimately causing Microsoft servers to crash worldwide. This resulted in Delta having to cancel thousands of flights, affecting 1.3 million customers and prompting multiple class-action lawsuits.
In response to the financial losses incurred due to the outage, Delta filed a lawsuit against CrowdStrike in a Georgia state court, accusing the cybersecurity company of negligence in testing the faulty Falcon sensor update before deployment. The airline argued that CrowdStrike’s actions led to a global catastrophe and significant financial repercussions.
CrowdStrike, however, refuted Delta’s claims, stating that the airline is spreading misinformation and attempting to shift blame for its slow recovery from the outage. A spokesperson for the cybersecurity firm emphasized that Delta’s lack of understanding of modern cybersecurity practices and outdated IT infrastructure were contributing factors to the prolonged recovery process.
The US Department of Transportation has also launched an investigation into the incident, questioning why Delta took longer to recover compared to other airlines. Complaints regarding Delta’s customer service during the outage, including long wait times and unaccompanied minors stranded at airports, have also been raised.
Despite efforts to settle the dispute earlier in the year, Delta and CrowdStrike remain at odds over the amount of lost revenue for which the cybersecurity firm is responsible. CrowdStrike argues that it is liable for less than $10 million, while Delta seeks to recover the full $500 million lost due to the outage.
As the legal battle continues, both Delta and CrowdStrike are steadfast in their positions, with the cybersecurity company asserting that it did not cause the harm claimed by Delta. The lawsuit highlights the complexities of cyber liability and the challenges faced by companies in the event of a cybersecurity incident.
The outcome of the lawsuit will likely have far-reaching implications for the cyber liability landscape, setting a precedent for how companies can seek compensation for financial losses resulting from cybersecurity incidents. It remains to be seen how the legal proceedings will unfold and what impact they will have on future cybersecurity practices and regulations.