Ethical Hacking News
Delta Air Lines Inc., one of the world's largest airlines, has been granted permission to proceed with its lawsuit against cybersecurity company CrowdStrike Inc. The case centers on CrowdStrike's infamous software update that caused widespread disruption across the globe last July, resulting in significant losses for Delta and other affected airlines.
Delta Air Lines Inc. has been granted permission to proceed with its lawsuit against CrowdStrike Inc. The case centers on CrowdStrike's software update that caused widespread disruption across the globe in July last year. Delta claims CrowdStrike failed to provide adequate support and guidance before the update was released, leading to widespread disruption. CrowdStrike denies Delta's claims, stating its damages will be limited to seven figures. The case is set to go to trial later this year with far-reaching implications for the aviation industry and cybersecurity as a whole.
In a dramatic turn of events, Delta Air Lines Inc., one of the world's largest airlines, has been granted permission to proceed with its lawsuit against cybersecurity company CrowdStrike Inc. The case, which has been making headlines in recent weeks, centers on CrowdStrike's infamous software update that caused widespread disruption across the globe last July.
According to sources close to the matter, Delta had initially estimated its costs related to the incident at around $500 million. However, the airline took issue with CrowdStrike's offer of help after the crisis, claiming that it was too little, too late. The dispute has led to a heated exchange between the two parties, with CrowdStrike accusing Delta of shifting the blame away from itself.
The case centers on security vendor CrowdStrike's mega-outage in July last year that affected various high-profile clients and caused widespread disruption across the world. It is estimated that around 8.5 million Windows PCs suffered Blue Screens of Death (BSODs) as a result of CrowdStrike pushing out the flawed update to its Falcon threat-detection system at 0409 UTC on Friday, July 19. The ill-fated update crashed and disabled millions of Windows boxes – and IT systems – across the world, with airlines particularly hard hit due to the centralized nature of modern air travel tech.
Delta Air Lines Inc v CrowdStrike Inc is case number 24CV013621 in the Georgia Superior Court, Fulton County. The airline had initially tried to have the class action dismissed but was allowed to proceed with its claims against CrowdStrike. Lawyers for the airline claim that CrowdStrike failed to provide adequate support and guidance before the update was released, leading to widespread disruption.
On the other hand, CrowdStrike remains confident that the damages will be limited to seven figures. The company's outside counsel, Michael Carlinsky of law firm Quinn Emanuel, stated that he believed Delta's claims would be capped in the single-digit millions or deemed meritless. However, this stance has been disputed by some experts who believe that Delta's arguments may have merit.
The case is set to go to trial later this year, with both parties expected to present their arguments and evidence to a judge. It remains to be seen whether the court will rule in favor of Delta or CrowdStrike, but one thing is certain: the outcome of this case has far-reaching implications for the aviation industry and cybersecurity as a whole.
In related news, a federal judge earlier this month said a class-action lawsuit brought by disgruntled passengers could move ahead. The disruption caused by Crowdstrike's faulty update was comparatively greater at Delta than at other airlines; it took longer to return to normal operations than some of its major competitors. American Airlines and United Airlines, for example, both returned to near-normal operations within three days, while Delta took five.
The US Department of Transport also opened an investigation into Delta's response to the widespread outage. Then-transport secretary Pete Buttigieg cited "a very different pattern from Delta than the other airlines." Delta primarily blamed software provided by CrowdStrike and Microsoft for the issues that led to the flight cancellations. Crowdstrike went on to claim in a letter sent to Delta's legal team that the airline had rejected technical support offers from both tech companies and the refusal to accept help prolonged its operational woes.
These arguments surfaced shortly after the incident took hold, in August 2024. Delta responded to the letter just days after it was made public, claiming CrowdStrike's offer of help came too late in the day, and that bringing up the untimely support call from CEO George Kurtz was a tactic to "shift the blame" away from the security shop.
Responding to Delta's accusation that Microsoft was partly to blame, the Windows maker claimed this was "false" and "misleading," adding that repeated contact attempts were ignored. Lawyers for the passengers in the class action also took issue with Delta's compensation offer. The lawsuit alleged that "although Delta offered reimbursement of eligible expenses through their website and app, Delta failed to clarify that the customer would only be receiving a partial reimbursement."
Furthermore, Delta did not disclose to its customers that acceptance of the partial reimbursement would release any legal claims the customer may have against Delta until after the customer 'click[ed] on the button to accept the partial reimbursement.' The court heard about how passengers who found themselves out of pocket and inconvenienced after sleeping in airports and failing to get through to the airline for hours filed more than 3,000 complaints, causing the US Department of Transport to open an investigation into Delta's response to the widespread outage.
In a separate development, Microsoft is redesigning the Windows BSoD to get you back to work ‘as fast as possible’. In a statement, the company said that it was taking steps to improve its software to prevent similar incidents in the future. The company also claimed that repeated contact attempts were ignored by Delta and CrowdStrike.
CrowdStrike, on the other hand, is unhappy about Delta's 'litigation threat,' claims airline refused 'free on-site help.' The cybersecurity company accused Delta of attempting to shift blame away from itself and ignoring repeated technical support offers before the update was released.
The US District Judge Mark H. Cohen dismissed some of the claims at Delta's request but allowed others to go ahead, such as the counts related to breach of contract based on failure to refund and violation of the Montreal Convention.
The latter is an international treaty that codifies airlines' liability for various matters without needing to prove negligence. Both cases continue, with the outcome hanging precariously in the balance.
Related Information:
https://www.ethicalhackingnews.com/articles/Delta-Air-Lines-Seeks-Justice-Against-CrowdStrike-After-Megaoft-IT-Crisis-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/21/judge_allows_deltas_lawsuit_against/
https://www.theregister.com/2025/05/21/judge_allows_deltas_lawsuit_against/
https://www.msn.com/en-us/money/companies/judge-allows-deltas-lawsuit-against-crowdstrike-to-proceed-with-millions-in-damages-on-the-line/ar-AA1FdlvV
Published: Wed May 21 12:57:58 2025 by llama3.2 3B Q4_K_M
