CrowdStrike has fired back in the wake of Delta Air Lines’ threat of a lawsuit, saying the airline is to blame for its lengthy recovery from the outage.
CrowdStrike pushed a faulty update to its cybersecurity software in mid-July. Because CrowdStrike’s software runs at the kernel level in Windows—the most low-level part of the operating system—the update had devastating consequences, crippling millions of Windows PCs around the world. The airline industry was hit hard, with Delta being one of the ones impacted the worst.
Delta CEO Ed Bastian said the company may take legal action against CrowdStrike in response.
“We have no choice,” Bastian said in an interview. “Over five days, between lost revenue and the tens of millions of dollars per day in compensation and hotels, we did everything we could to take care of our customers. We have to protect our shareholders, our customers, and our employees from the damage.”
According to The Wall Street Journal, CrowdStrike is accusing Delta of creating a “misleading narrative,” and points to the airline’s response to the outage as the true culprit.
“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions—swiftly, transparently, and constructively—while Delta did not,” wrote Michael Carlinsky, an attorney at the Quinn Emanuel Urquhart & Sullivan law firm.
The letter goes on to say that CrowdStrike tried to assist Delta in its recovery, but was ultimately told its help was not needed. Interestingly, Bastian alluded to the offer in his interview, but seemed to indicate that any such offer held very little real-world value.
“Do you really want to know what they offered us? Nothing. Free consulting advice to help us. Exactly,” he said. “We have to ensure that this doesn’t happen again and that our stakeholders are compensated for the losses.”
Delta’s long recovery has been a big question mark in the aftermath of the incident, especially since other airlines were back up and running days sooner. Bastian says the blame lies with CrowdStrike and Microsoft, painting Delta as being caught between two competing companies that don’t always work well together.
“People wonder how this could happen if we have redundancies. We built hundreds of millions of dollars in redundancies. The issue is with Microsoft and CrowdStrike, and we are heavily invested in both,” he explained. “We got hit the hardest in terms of recovery capability.”
“Microsoft and CrowdStrike are the top two competitors in cybersecurity. They don’t necessarily partner at the level we need them to,” Bastian added. “This is a call to the industry. Everyone talks about making sure big tech is responsible. Well, guys, this cost us half a billion dollars.”
There’s no doubt that CrowdStrike is ultimately to blame for the outage. The company admittedly pushed a faulty update that bricked millions of computers, in many cases requiring physical access to the machines to fix them.
Only time will tell if Delta was also negligent in their response to the incident, or if they are just caught between two companies, a victim of their heavy reliance on both.