Delta Air Lines and CrowdStrike Try to Blame Each Other for Day-Long Outage and $500 Million Loss
In a letter to Delta, the software developer CrowdStrike accused the airline of causing the extensive impact of the recent incident, with Microsoft sending a similar message, blaming Delta for using outdated IT solutions. Delta, however, maintains that it bears no responsibility for the malfunctioning software, let alone for the failures of other systems worldwide. CrowdStrike now also faces the threat of a class-action lawsuit from investors.
The disputes have revealed some interesting details. By the time CrowdStrike’s CEO reached out to Delta’s CEO (once, late on the night of July 22), nearly four days had passed since the incident, and Delta had already restored its critical systems and the operations of most of its other computers. According to Delta, the offer of assistance came “too late,” and the phone call was “useless and untimely.” Delta denies that the software developer was “tirelessly” working to restore Delta’s systems, as claimed.
Furthermore, it is alleged that after Windows computers started shutting down globally, CrowdStrike did not take urgent measures or properly assess the scale and consequences of the failure. The only help provided in the first 65 hours after the incident was a link to a public website advising a manual reboot of affected PCs and the removal of faulty files. Worse, the update for automated problem resolution released on July 21 contained an additional bug, causing many machines to require further intervention before they could function again.
Delta claims to have invested billions of dollars in IT solutions, and the prolonged restoration of its IT systems was due to the company’s heavy reliance on CrowdStrike and Microsoft. Specifically, it was reported that about 60% of Delta’s critical applications and related data, including reservation systems, depend on Windows and Falcon. This trust in the software manufacturers backfired.
In response, CrowdStrike stated that Delta is promoting a misleading narrative. The company claims that CEO George Kurtz called a Delta representative within four hours of the incident on July 19, and CrowdStrike’s chief security officer established direct contact with Delta colleagues within hours of the incident. Both companies’ teams were closely collaborating just hours after the incident, with CrowdStrike providing far more support than just a link to a site with basic information.
As indirect evidence, one of Delta’s board members posted on LinkedIn, praising CrowdStrike’s CEO and his team for doing incredible work, tirelessly working under difficult conditions to resolve the issues. Delta declined further comment, but after expressing gratitude, it will undoubtedly be more challenging to take legal action against those responsible for the incident. In its letter, CrowdStrike once again urged Delta to stop trying to evade responsibility and to inform customers and shareholders about everything known regarding the incident, the decisions made, and the actions taken.