A Boeing 767-332(ER) from Delta Air Lines takes off from Barcelona El Prat Airport in Barcelona, Spain, on October 8, 2024.
Joan Valls | Nurphoto | Getty Images
CrowdStrike moved Monday evening to dismiss Delta Air Lines’ lawsuit around the July cybersecurity outage that led to canceled flights and stranded passengers, arguing that the airline’s litigation was an attempt to circumvent the contract between the two companies.
The agreement between CrowdStrike and Delta includes a clause limiting CrowdStrike’s liability and a cap on damages, which the cybersecurity provider says Delta is now trying to skirt. CrowdStrike also argued in its filing that Georgia law prevents Delta from converting a breach of contract into tort claims.
“As an initial matter, Georgia’s economic loss rule specifically precludes Delta’s efforts to recover through tort claims the economic damages it claims to have suffered,” CrowdStrike wrote.
Delta said the July cybersecurity outage cost the company more than $500 million in canceled flights, refunds and passenger accommodations. It is seeking to recoup those costs from CrowdStrike through the suit. But the damage done to Delta’s reputation as a premium carrier can’t yet be quantified, nor has the impact of a Department of Transportation investigation into Delta over the outage.
Delta continues to rely on CrowdStrike services following the outage, likely because it is extremely difficult to change cybersecurity providers in systems as large and complicated as Delta’s.
Still, CrowdStrike said it moved quickly to try and help Delta — offers the cybersecurity company says were rebuffed. “We are good for now,” one message from a Delta executive cited by CrowdStrike read. The cybersecurity company said its executives were in close contact on the day of the outage.
“Delta repeatedly rebuffed any assistance from CrowdStrike or its partners,” CrowdStrike wrote.
CrowdStrike further argues that Delta’s own practices and systems led to the widespread delays and cancellations, unlike other industry peers who recovered much more quickly from the outage.
“Delta was an outlier. Although Delta acknowledges that it took just hours—not days—for Delta employees to” remediate the outage, CrowdStrike wrote in its filing, “cancellations far exceeded the flight disruptions its peer airlines experienced.”
The cybersecurity company’s stock took a sharp hit after the outage, plunging 44%. It’s since largely recovered from those losses, posting strong quarterly results even after lowering its guidance due to the incident. CrowdStrike has been helped by the relative stickiness of its products, especially at large enterprises.
A Delta spokesperson was not immediately available for comment.
