Delta Air Lines has filed a lawsuit against cybersecurity firm CrowdStrike in Georgia state court, following a significant outage in July that resulted in widespread flight cancellations, disrupted travel for 1.3 million customers, and cost the airline over $500 million.
In its complaint, filed in Fulton County Superior Court, Delta referred to a problematic software update from CrowdStrike as “catastrophic,” claiming the firm delivered untested and flawed updates that caused over 8.5 million Microsoft Windows-based computers worldwide to crash.
The incident on July 19 led to global flight disruptions and affected various industries, including banking, healthcare, media, and hospitality.
In response, CrowdStrike stated that Delta’s allegations are based on incorrect information, reflect a misunderstanding of modern cybersecurity, and appear to be an attempt to deflect blame for the airline’s slow recovery due to outdated IT systems.
Delta Air Lines, which has been using CrowdStrike products since 2022, reported that the outage resulted in the cancellation of 7,000 flights, affecting 1.3 million passengers over a span of five days.
Delta claims that CrowdStrike is responsible for more than $500 million in direct losses, as well as an unspecified amount for lost profits, additional expenses such as legal fees, and damages related to reputational harm and future revenue loss.
The incident has led the U.S. Transportation Department to initiate an investigation.
Delta’s lawsuit states, “If CrowdStrike had tested the faulty update on even one computer prior to deployment, it would have crashed.” It argues that because the problematic update could not be removed remotely, CrowdStrike severely disrupted Delta’s operations and caused significant delays for customers.
Delta also noted that it has invested billions of dollars in its IT planning and infrastructure, focusing on licensing and developing some of the most advanced technology solutions in the airline industry.
CrowdStrike has raised questions about why Delta experienced such significant issues compared to other airlines and maintains that its liability is minimal—a claim that Delta has rejected.
Last month, a senior executive from CrowdStrike offered an apology before Congress regarding the problematic software update. Adam Meyers, a senior vice president at the company, acknowledged that a content configuration update for their Falcon Sensor security software caused system crashes globally. “We are deeply sorry this occurred, and we are committed to ensuring it doesn’t happen again,” Meyers stated.