Cybersecurity firm CrowdStrike sued Delta Air Lines on Friday after a faulty software update prompted a global outage in July.
The 19 July incident led to worldwide flight cancellations and hit industries including banks, health care, media companies and hotel chains.
CrowdStrike said it sued to make clear that CrowdStrike did not cause the harm that Delta claims, and that Delta repeatedly refused assistance from both CrowdStrike and Microsoft. Delta did not immediately comment on CrowdStrike’s suit.
CrowdStrike is seeking a declaratory judgment plus legal fees.
Delta’s lawsuit filed on Friday in Fulton County superior court called the faulty software update from CrowdStrike “catastrophic” and said the company “forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash”.
Delta said the faulty update caused 7 000 flight cancellations, disrupted travel plans of 1.3 million customers and cost the carrier more than US$500-million.
CrowdStrike’s lawsuit, also filed on Friday, said Delta’s own response and technology caused delays in the carrier’s ability to resume normal operations. CrowdStrike’s lawsuit reiterated its contention that it has minimal liability, something Delta rejected.
Liable
Delta said CrowdStrike is liable for over $500-million in out-of-pocket losses as well as for unspecified lost profits, expenditures — including legal fees — reputational harm and future revenue loss.
The incident prompted the US transportation department to open an investigation.
Read: Microsoft hosts security summit after CrowdStrike disaster
“If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed,” Delta’s lawsuit said. Delta said it has invested billions of dollars in IT licensing and infrastructure. — David Shepardson, (c) 2024 Reuters
Get breaking news from TechCentral on WhatsApp. Sign up here
