Delta Sues CrowdStrike for $500 Million Over July IT Meltdown, Citing ‘Gross Negligence’
Delta Air Lines has filed a lawsuit against cybersecurity firm CrowdStrike, accusing it of gross negligence in connection with a massive technology outage in July that led to over 7,000 canceled flights. The Atlanta-based airline claims that CrowdStrike’s actions—or lack thereof—resulted in a “catastrophic” IT failure, costing Delta an estimated $500 million in losses, including future revenue impacts.
In the lawsuit filed in Georgia state court, Delta claims the July 19 incident, which grounded thousands of flights during one of its busiest weekends, was triggered by a flawed CrowdStrike update. Delta accuses CrowdStrike of multiple offenses, including intentional misrepresentation, breach of contract, and unfair business practices. According to the airline, CrowdStrike’s actions left 8.5 million computers affected and rendered 60% of Delta’s key Windows-based applications inoperable, severely impacting crew scheduling and plane dispatching systems.
CrowdStrike disputes the airline’s claims, arguing that Delta is trying to shift responsibility for the meltdown from its own outdated IT infrastructure. “Delta’s claims are based on disproven misinformation,” a CrowdStrike spokesperson stated, describing Delta’s systems as antiquated and in need of modernization. The cybersecurity firm contends that it notified customers, including Delta, with an alert on July 19 offering a fix for the issue.
The legal clash has escalated over recent weeks as both companies have sought to place blame for the prolonged outage. Microsoft weighed in during August, suggesting Delta’s outdated systems may have contributed to its sluggish recovery, in contrast to other airlines using CrowdStrike who reported quicker resolutions.
Delta’s lawsuit criticizes CrowdStrike’s update as lacking rollback capabilities and contends that the company failed to test the update on a single computer before deployment, a move Delta refers to as the “Faulty Update.” Adding fuel to Delta’s allegations, CrowdStrike’s president recently accepted a “Most Epic Fail” award at a hacking convention, an event Delta referenced in its filing to highlight what it called a failure of responsibility.
CrowdStrike, whose liability under contract is capped in the “single-digit millions,” maintains it fulfilled its obligations and highlights other carriers’ faster recoveries as evidence of Delta’s internal IT shortcomings. Delta, however, argues that CrowdStrike’s actions permanently damaged its reputation for reliability and operational excellence, key factors in the airline’s premium brand positioning.
With both companies firmly entrenched in their positions, the lawsuit is expected to test legal interpretations of cybersecurity responsibility and corporate liability for software failures affecting critical infrastructure.