CrowdStrike Seeks Dismissal For Most Of Delta Lawsuit Claims

The cybersecurity giant is asking a Georgia court to dismiss nearly all counts in the airline’s lawsuit over the July 19 outage, calling the lawsuit ‘far-fetched’ and ultimately not permitted by the state’s law.

CrowdStrike petitioned a Georgia court Monday to dismiss nearly all claims in Delta’s lawsuit over the July 19 outage, calling the lawsuit “far-fetched” and ultimately not permissible under the state’s law.

The lawsuit from Atlanta-based Delta, which was filed in late October in Fulton County Superior Court, has sought significant damages from CrowdStrike in connection with the IT outage and resulting flight disruptions over five days.

Delta said in its lawsuit that it “suffered over $500 million in out-of-pocket losses” from the incident and signaled it would seek at least that amount from CrowdStrike.

In its filing of a motion to dismiss Monday, however, CrowdStrike argued that eight of the nine counts in Delta’s lawsuit are invalid on legal grounds, while characterizing the complaint as rife with “far-fetched allegations.”

Notably, the Delta lawsuit ignores Georgia law that “precludes Delta’s attempt to seek over $500 million in damages” in the case, CrowdStrike argued in its filing. The suit also disregards “the very documents on which Delta relies in its Complaint” — the subscription agreement between the two companies, according to CrowdStrike.

CRN has reached out to Delta for comment.

The global Windows outage in July caused by a faulty CrowdStrike Falcon configuration update led to significant disruptions at several U.S. airlines. Delta was by far the hardest hit, cancelling approximately 7,000 flights in total during a disruption that lasted well into the following week.

CrowdStrike and Microsoft have both blamed the elongated recovery time at Delta on what they’ve described as outdated IT systems at Delta, as well as a refusal by the airline to accept offers of assistance.

Challenging Lawsuit’s Basis

CrowdStrike’s filing focuses on questioning Delta’s attempt to bring a number of additional claims beyond the core claim of a contractual breach between the companies.

CrowdStrike is not seeking to dismiss the claim in Delta’s lawsuit concerning breach of contract “at this time,” the company said in its filing.

However, CrowdStrike contended that Delta is not legally permitted in Georgia to file the additional claims, beyond the breach of contract claim, which in reality are based upon the alleged breach of contract.

“Georgia law does not permit Delta to convert a claim for breach of the Agreement into a series of tort claims when the economic loss alleged stems from the contractual relationship,” CrowdStrike said in its filing Monday. “Instead, Delta may seek recovery only through its claim for breach of the Agreement, which CrowdStrike does not seek to dismiss at this time.”

CrowdStrike also reiterated prior arguments by saying it’s clear that Delta was an “outlier” in its recovery from the outage, in part because the airline “repeatedly rebuffed any assistance from CrowdStrike or its partners.”

Delta Still A Customer

With its motion to dismiss filing Monday, CrowdStrike also noted that Delta remains a customer of the security vendor.

Thus, Delta’s lawsuit allegations are “belied by the fact that Delta continues to use CrowdStrike cybersecurity products and services to this day,” CrowdStrike said in the filing. “If CrowdStrike’s products operated as Delta speciously claims they do in its Complaint, surely Delta would have terminated its Agreement with CrowdStrike and stopped using its products and services.”

Limited Liability Cited Previously

Meanwhile, CrowdStrike has also pursued its own lawsuit against Delta, which was also filed in late October, though in a U.S. District Court.

In its lawsuit against Delta, CrowdStrike pointed to the existence of a contractual clause limiting potential damages between the companies.

In particular, as part of the Subscription Services Agreement reached between CrowdStrike and Delta in June 2022, “CrowdStrike’s liability to Delta for any damages in any way related to the July 19 Incident, if any, is limited to two times the value of the fees,” the company said.