Delta sues CrowdStrike over summer tech outage that led to thousands of cancellations

Luggage covers the floor of baggage claim at Atlanta's Hartfield-Jackson Airport as Delta employees try to reunite passengers with their belongings.
Delta employees at Hartsfield-Jackson Atlanta International Airport work to reunite travelers with their luggage on Tuesday, July 23, 2024 as the airline struggled to catch up after a global tech outage. (Matthew Pearson/WABE)

Delta Air Lines is suing the cybersecurity firm CrowdStrike over a global tech outage in July that led several major carriers to cancel thousands of flights, but none more so than Delta.

CrowdStrike says Delta is trying to shift the blame for its failure to modernize the airline’s IT systems.

According to a company spokesperson, CrowdStrike filed for a declaratory judgment in response to Delta’s suit, meaning that CrowdStrike has asked the court to resolve a legal disagreement between the two parties and define their legal relationship and rights, without ordering enforcement.



“We have filed for a declaratory judgment to make it clear that CrowdStrike did not cause the harm that Delta claims, and they repeatedly refused assistance from both CrowdStrike and Microsoft. Any claims of gross negligence and willful misconduct have no basis in fact,” the spokesperson told WABE in a statement.

Delta filed the complaint against CrowdStrike with the Fulton County Superior Court in Georgia late Friday afternoon. The Atlanta-based airline claims CrowdStrike failed to test the update, which led to Microsoft systems going down and costing the airline $500 million due to canceled flights.

“Delta’s lawsuit seems to suggest that it’s not only the actual losses but attorney fees and reputational harm and potential future loss,” said Ramnath Chellappa, a professor at Emory’s Goizueta Business School who studies aviation.

A Delta spokesperson said CrowdStrike is to blame for not adequately preventing the outage.

“CrowdStrike has also conceded it failed to adhere to even basic industry-standard practices for IT updates, such as conducting a phased roll out and providing rollback capabilities. In fact, if CrowdStrike had tested this on even a single computer, that computer would have crashed,” the Delta spokesperson said.

CrowdStrike denies these claims.

“Essentially, they are suggesting that, yes, we may have caused the first piece of this domino to fall. But it is your poor infrastructure that really led to the kind of the enormous amount of delays that have actually occurred,” said Chellappa.

According to a CrowdStrike spokesperson, the company has tried to “reach a business resolution that puts customers first.”

“Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure,” the spokesperson said.

Delta also faces a class-action lawsuit from passengers who claim they were not properly reimbursed or received refunds for travel plans impacted by the tech outage.

“As set forth in Delta’s Motion, we view these claims to lack legal merit,” a Delta spokesperson said. “Moreover, our customers don’t have to sue to get a refund or reimbursement; if they are eligible, all they need to do is ask.” 

Meanwhile, federal officials continue investigating Delta over refunds and reimbursements to affected customers.