CrowdStrike Denies Role in Delta's Costly IT Outage

Cybersecurity firm CrowdStrike has rejected claims of responsibility for the flight disruptions caused by the global IT outage on Jul. 19. Ed Bastian, CEO, Delta Air Lines, had earlier stated that the outage cost the airline US$500 million, which includes reimbursements, hotel stays, and related transportation expenses. Delta is now pursuing legal action against CrowdStrike for compensation.

The outage, attributed to a CrowdStrike update problem, forced Delta to cancel over 6,000 flights in six days, affecting more than 500,000 passengers and requiring the manual restart of 40,000 systems. The incident has prompted an investigation by the United States Department of Transportation into Delta's delayed recovery.

Several other airlines, including Ryanair, Vueling Airlines, Singapore Airlines, and Virgin Australia, were also affected by the Microsoft IT outage. Beyond the airline industry, sectors such as retail, healthcare, banking, transport, broadcasting, and communications experienced disruptions.

CrowdStrike,through an external lawyer, Michael Carlinsky from Quinn Emanuel Urquhart & Sullivan, sent a letter to Delta Air Lines. The letter states, "CrowdStrike reiterates its apology to Delta, its employees, and its customers and is empathetic to the circumstances they face. However, CrowdStrike is highly disappointed in Delta's suggestion that CrowdStrike acted inappropriately and strongly rejects any allegation that it was grossly negligent or committed willful misconduct with respect to the Channel File 291 incident."

"Within hours of the incident, CrowdStrike reached out to Delta to offer assistance and ensured that Delta was aware of an available remediation. To this day CrowdStrike continues to work closely and professionally with the Delta information security team," the letter added.

CrowdStrike revealed that its CEO had personally reached out to Delta's CEO, offering free onsite support, but did not receive a reply. Delta later informed CrowdStrike that onsite resources were not necessary.

In response to Delta's threat of seeking damages, CrowdStrike warned that such an attempt would create a "misleading narrative" that CrowdStrike was to blame for Delta's response to the outage and subsequent decisions. 

"Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions - swiftly, transparently and constructively - while Delta did not," the letter stated.