CrowdStrike vows to ‘respond aggressively’ to Delta litigation

Lawyers for embattled cybersecurity firm CrowdStrike struck back at Delta Air Lines over the company’s public legal threats following the global software outage that caused thousands of flights to be canceled and delayed. 

In a letter published on Sunday, CrowdStrike lawyer Michael Carlinsky said the company is “highly disappointed by Delta’s suggestion that CrowdStrike acted inappropriately and strongly rejects any allegation that it was grossly negligent or committed willful misconduct.”

Carlinsky explained that CrowdStrike has already apologized and “is empathetic to the circumstances [Delta] faced” after an update sent out by the cybersecurity company caused more than 8.5 million Microsoft devices to crash. 

The letter was in response to one sent by lawyers for Delta on July 29 which threatened legal action against CrowdStrike for the outage and claimed the company did not test the update before it was sent out. 

Delta CEO Ed Bastian told CNBC last week the company will end up losing more than $500 million after about 5,000 flights were canceled and the airline had to issue millions of dollars worth of food and hotel vouchers. 

More than 40,000 servers had to be manually restarted, according to Bastian, who added the airline “had no choice” but to file a lawsuit for damages because they had to protect their shareholders, customers and employee due to “the damage, not just to the cost of it, but to the brand, the reputational damage.”

According to Carlinsky’s letter, CrowdStrike reached out to Delta to offer help multiple times but was rebuffed. Bastian did not respond to another offer of help made directly by CrowdStrike’s CEO, he claimed. 

The public legal threat from Delta “distracts” from the recovery effort and “has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage.” 

“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions — swiftly, transparently, and constructively — while Delta did not,” Carlinsky wrote, adding that their competitors restored operations “much faster.”

He added that “any liability by CrowdStrike is contractually capped at an amount in the single-digit millions.” 

The letter orders Delta to preserve all documents, records and communication related to the outage as well as past security incidents the company has dealt with.  

“As I am sure you can appreciate, while litigation would be unfortunate, CrowdStrike will respond aggressively, if forced to do so, in order to protect its shareholders, employees, and other stakeholders,” he said.

Delta did not respond to requests for comment about the letter. The airline was publicly criticized during the incident by Transportation Secretary Pete Buttigieg, who took to social media to slam the company for reports “of continued disruptions and unacceptable customer service conditions at Delta Air Lines.” The department later said it would investigate the airline’s response to the outage. 

Economists estimate the outage caused by CrowdStrike’s update will cost Fortune 500 companies more than $5.4 billion. 

The company is also facing backlash from its own investors, including the Plymouth County Retirement Association, which filed a lawsuit in Texas after CrowdStrike’s share price plummeted due to the incident.