CrowdStrike Pushes Back Against Delta Legal Threats Over Outage

The cybersecurity vendor says Delta did not accept offers of help amid the multi-day outage that impacted the airline.

CrowdStrike is contending that Delta did not accept offers of help amid the multi-day outage that impacted the airline, following the cybersecurity vendor’s defective July 19 update.

In a letter sent to an attorney who is reportedly representing Delta, CrowdStrike said it is “highly disappointed” by the comments made by Delta CEO Ed Bastian in a televised interview last week, which suggested a lawsuit against CrowdStrike would be forthcoming.

CrowdStrike “strongly rejects any allegation that it was grossly negligent or committed willful misconduct,” the company’s attorney, Michael B. Carlinsky, wrote in the letter.

During a CNBC interview, Bastian answered that “we have no choice” after being asked about the potential for a lawsuit. “We’re looking to make certain that we get compensated,” he said.

Delta cancelled thousands of flights in the days after the outage began, and its total bill related to the incident—including both cancellations and customer compensation such as hotels—reached $500 million, according to Bastian.

In the CrowdStrike letter to Delta, the security vendor said that it attempted to assist the airline with recovering from the outage, which impacted Microsoft Windows devices, but the offer was not accepted.

“Within hours of the incident, CrowdStrike reached out to Delta to offer assistance and ensure Delta was aware of an available remediation,” CrowdStrike’s attorney wrote in the letter. “Additionally, CrowdStrike’s CEO personally reached out to Delta’s CEO to offer onsite assistance, but received no response. CrowdStrike followed up with Delta on the offer for onsite support and was told that the onsite resources were not needed.”

CRN has reached out to Delta for comment.

In a statement provided to CRN, a CrowdStrike spokesperson added that the company has “expressed our regret and apologies to all of our customers for this incident and the disruption that resulted.”

“Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive to any party,” the spokesperson said. “We hope that Delta will agree to work cooperatively to find a resolution.”

Delta was by far the hardest-hit airline in the outage, which continued to have a major impact on its flights for five days. Two other airlines that initially saw significant disruptions from the outage, United and American Airlines, recovered more quickly than Delta.

“Delta’s public threat of litigation distracts from this work and has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage,” CrowdStrike’s attorney wrote in the letter.

If Delta does choose to pursue legal action against CrowdStrike, the airline will “need to explain” a number of issues including “why Delta’s competitors, facing similar challenges, all restored operations much faster,” the CrowdStrike letter said.

Another issue that Delta will be forced to explain is why the airline “turned down free onsite help from CrowdStrike professionals who assisted many other customers to restore operations much more quickly than Delta,” the company’s attorney said in the letter.

The outage began after an update to CrowdStrike’s Falcon platform set off a “blue screen of death” scenario for 8.5 million Windows devices worldwide. In addition to air travel, global impacts ensued for sectors including finance, health care and business.

“We don't believe CRWD will be held liable” in any potential legal action by Delta, wrote Joseph Gallo, senior vice president at Jefferies, in a note to investors last week.

However, along with Delta, additional companies can be expected to consider legal action against CrowdStrike over its faulty update, Gallo wrote.

“We expect other companies impacted by the IT outage could potentially follow suit (helps with image to customers of impacted companies), creating further headline-risk in the near-term,” he wrote.

Overall, CrowdStrike has reported having nearly 30,000 customers, though it’s unclear how many were impacted in total. The outage has cost U.S. Fortune 500 companies $5.4 billion in total direct financial loss, according to an estimate from cloud monitoring and insurance firm Parametrix.

According to a prior CNBC report, Delta is also interested in pursuing legal action against Microsoft over the outage. The tech giant has declined to comment.