Attorneys from a “premier law firm with significant litigation experience” hired by Delta Air Lines to pursue a multi-million-dollar claim against CrowdStrike and Microsoft have accused the IT security firm of making a “vastly inadequate” apology of “doubtful sincerity” following a bug-ridden software update that crashed computers worldwide on July 19.
In a letter sent to CrowdStrike on Thursday, lawyers from Boies, Schiller and Flexner claim the company is attempting a “blame the victim defense” to absolve itself of wrongdoing following its botched security update that affected computers running on Microsoft Windows.
CrowdStrike admits that it dispatched an automatic update to computers worldwide containing a bug that caused a ‘blue screen of death’ on millions of computers, but the company insists that any liability for expenses incurred by Delta should be capped in the “single digit millions”.
In a new SEC filing, Delta says the CrowdStrike outage and resulting operational meltdown, which stranded tens of thousands of passengers, will cost the airline around $380 million in customer refunds and compensation in the form of cash and SkyMiles payments.
The embattled airline also believes non-fuel expenses associated with the meltdown and recovery will cost it an additional $170 million, driven by reimbursing passengers and crew members for hotel stays and other expenses.
Delta reached the $500 million figure by subtracting a $50 million lower fuel bill during the meltdown, as it was forced to cancel 7,000 flights during the five days of disruption.
“The CrowdStike update caused a catastrophic shutdown of more than 8 million computers around the world and disrupted countless companies’ business operations,” Delta’s lawyers say in the new letter to CrowdStrike.
“At Delta, it shut down more than 37,000 computers and disrupted the travel plans of more than 1.3 million Delta customers”.
The letter continued: “There is no basis – none – to suggest that Delta was in any way responsible for the faulty software that crashed systems around the world, including Delta’s. When the disaster occurred, dedicated Delta employees across the company worked tirelessly to recover from the damage CrowdStrike had caused”.
The letter fails to explain, yet again, why Delta was so badly impacted by the outage compared to its industry peers and rivals like American and United Airlines, but it rejects a claim by CrowdStrike that it offered Delta any real assistance to restore its systems.
In fact, Delta says the only support CrowdStrike offered for the first 65 hours of the outage was instructions to manually reboot every single affected machine, while an automated solution that was pushed to devices several days later introduced a second bug that required yet more manual intervention.
By the time that CrowdStrike CEO George Kurtz personally reached out to his counterpart at Delta, Ed Bastian, the airline had already restored its critical systems. The offer of help, Delta’s lawyers allege, was “unhelpful and untimely”, and by this point the airline’s confidence in CrowdStrike was “naturally shaken”.
The letter also seeks to dismiss an emerging narrative that Delta’s operational meltdown was the result of its own failure to invest in the latest IT – a narrative that has been put forward by both CrowdStrike and Microsoft.
Delta claims to have invested billions of dollars in its technology infrastructure and that its famed operational reliability was down to IT investments in recent years.
“Rather than continuing to try to evade responsibility, I would hope that CrowdStrike would immediately share everything it knows,” the letter continues, before warning: “It will all come out in litigation anyway”.
Delta has yet to respond to a letter sent by Microsoft’s external lawyers, who also blamed antiquated IT systems at the Atlanta-based carrier for its operational meltdown.
Last month, Delta CEO Ed Bastian admitted that the airline’s response to the outage had been “frustratingly slow” and promised to make changes to avoid a repeat of the embarrassing meltdown.
CrowdStrike said in response to the Delta letter: “Delta continues to push a misleading narrative. CrowdStrike CEO George Kurtz called Delta board member David DeWalt within four hours of the incident on July 19th.”
“CrowdStrike’s Chief Security Officer was in direct contact with Delta’s CISO within hours of the incident, providing information and offering support. CrowdStrike’s and Delta’s teams worked closely together within hours of the incident, with CrowdStrike providing technical support beyond what was available on the website.”
The statement continued: “This level of customer support led Delta board member David DeWalt to publicly state on LinkedIn[linkedin.com]: ‘George and his team have done an incredible job, working through the night in difficult circumstances to deliver a fix. It is a huge credit to the Crowdstrike team and their leadership that many woke up to a fix already available.'”
Hilarious, these guys are completely unhinged and just ranting. It’s a bad look for Delta. Any business worth a few handful of employees understand the concept of limitations of liability, and contractually what’s their exposure.
Delta fails to actually address their own shortcomings and try to pass the buck to crouch. While Crowdstrike is responsible for triggering the initial problem, the cascade effects were all on Delta afterwards.
The irony is that Delta absolves themselves of any responsibility when they get their passengers late due to mechanical issues, besides the occasional voucher. They don’t reimburse anyone for the lost time, hotels, or meetings/vacations. But they want Crowdstrike to pay them beyond what’s in their contract?
CloudStrike should pay a large sum to Delta and any company that incurred costs associated with the faulty release. Now, Delta also has to realize they have some fault in this mess. So, this $500 million sum is rediculous.