American cybersecurity firm CrowdStrike has disputed Delta Air Lines’ allegations that it is responsible for flight disruptions following a global outage on July 19, which was triggered by a faulty update.
Delta CEO Ed Bastian stated last week that the outage cost the airline $500m and announced plans to pursue legal action for compensation from the cybersecurity firm.
In response, CrowdStrike issued a statement through an external lawyer, expressing strong disapproval of Delta’s accusations and denying any allegations of gross negligence or misconduct. The statement highlighted that any liability for CrowdStrike is “contractually capped at an amount in the single-digit millions.”
The outage led to the cancellation of over 6,000 flights over a six-day period, affecting more than 500,000 passengers. The US Transportation Department is investigating why Delta took longer to recover from the outage compared to other airlines.
CrowdStrike’s letter mentioned that the company reached out to Delta within hours of the incident, offering assistance, and that its CEO personally contacted Delta’s CEO to offer onsite support, which was not acknowledged.
Delta had informed US lawmakers that CrowdStrike’s update affected more than half of its computers, including workstations at airports, and that the airline’s IT system required manual recovery. CrowdStrike questioned why Delta’s competitors restored operations more swiftly and why Delta declined the offered onsite help.
Additionally, Reuters reported that Alphabet’s independent growth fund CapitalG reduced its stake in CrowdStrike prior to the outage. According to a regulatory filing, CapitalG decreased its holdings from 855,789 shares to 427,895 shares as of June 30.
CrowdStrike’s shares have fallen nearly 35% since the outage, as reported by the news agency. This decline comes as investors reassess their security strategies and regulators examine the risks associated with critical software managed by major firms.
Last week, the company faced a class action lawsuit from shareholders in Austin, Texas, accusing it of failing to disclose risks related to its software testing methods.
The outage, caused by a software update intended to enhance telemetry data collection, led to widespread disruptions, including flight groundings and service interruptions.
A post-incident review released on July 24 identified the faulty content configuration update as the cause, which led to a memory read error and the “blue screen of death” on systems running sensor version 7.11.
Besides Delta Air Lines, the global IT outage affected United Airlines and caused flight groundings and delays at various airports worldwide. Financial services were disrupted, with banks in Australia, India, and Germany notifying customers of issues. Market traders faced transaction problems, highlighting the outage’s broad impact on global financial markets.
In the UK, essential services like doctor booking systems and Sky News broadcasting were disrupted. Manchester United postponed a ticket release. Airports in Los Angeles, Singapore, Hong Kong, Amsterdam, and Berlin had to manually check in passengers, causing further delays.
Government agencies, including the Dutch and UAE foreign ministries, reported disruptions. The US Federal Aviation Administration remained unaffected, but other transportation issues were being resolved.
Spanish airport operator Aena and US carriers American Airlines, Frontier, and Spirit reported a return to normal service.