CrowdStrike has responded to Delta Air Lines’ threat to sue the cybersecurity firm over a botched software update that grounded thousands of flights. CrowdStrike denies responsibility for the airline’s own IT decisions and the days-long disruption.
Lawyers for CrowdStrike argued in a brief dated Sunday that the U.S. airline had created a “misleading narrative” that the cybersecurity firm had been “grossly negligent” in an incident that the U.S. airline said would cost it $500 million.
Delta took days longer than rivals to recover after the CrowdStrike update crippled millions of Windows computers around the world last month. The airline has warned the cybersecurity firm that it plans to sue for damages over the disruption and has hired law firm Boies Schiller Flexner.
CrowdStrike addressed Sunday's letter to the law firm, whose chairman, David Boies, previously represented the U.S. government in antitrust litigation against Microsoft and Harvey Weinstein, among other high-profile clients.
Microsoft estimates that about 8.5 million Windows devices were affected by the faulty update, which has left airline passengers stranded, hospital appointments interrupted and broadcasters worldwide offline. CrowdStrike said last week that 99 percent of Windows devices running the affected Falcon software were now back online.
Major U.S. airlines Delta, United and American briefly grounded their planes on the morning of July 19. United and American were able to resume flights over the weekend, but Delta's flight disruptions continued for another week.
The Atlanta-based carrier ultimately canceled more than 6,000 flights, prompting an investigation by the U.S. Department of Transportation into poor customer service during the operational chaos.
Michael Carlinsky, an attorney at CrowdStrike and co-managing partner at Quinn Emanuel Urquhart & Sullivan, wrote that if Delta Air Lines takes legal action, it will have to explain why its competitors were able to resume operations much more quickly.
He added: “Should Delta go down this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions – promptly, transparently, and constructively – when Delta did not.”
CrowdStrike also alleged that Delta's leadership ignored and rejected offers of assistance: “CrowdStrike's CEO personally reached out to Delta's CEO to offer onsite assistance, but received no response. CrowdStrike followed up with Delta with the offer of onsite support and was told the onsite resources were not needed.”
Delta CEO Ed Bastian said last week that CrowdStrike had offered “nothing” to compensate for the airline’s disruption. “Free consulting to help us — that’s all,” he told CNBC on Wednesday.
While Bastian has said the disruption would cost Delta $500 million, CrowdStrike insisted that “any liability of CrowdStrike is contractually capped at an amount in the multi-millions.”
A CrowdStrike spokesperson accused Delta of “making public statements about potentially filing a baseless lawsuit against CrowdStrike” and said he hoped the airline “would agree to work together to find a resolution.”
Delta Air Lines declined to comment.
© 2024 The Financial Times Ltd. All rights reserved. May not be redistributed, copied or modified in any way.