Delta & CrowdStrike Global IT Outage: Explained

Modern airlines heavily rely on complex technological systems for efficient operations, from flight scheduling to passenger services.
While essential for smooth air travel worldwide, this dependence exposes airlines to risks from software failures and cybersecurity breaches.
Such incidents can have far-reaching consequences, affecting millions of passengers and causing substantial financial losses.
The recent lawsuit filed by Delta Air Lines against cybersecurity firm CrowdStrike highlights the critical importance of reliable software systems in aviation and the potential impact of technological failures.
This case, stemming from a July 2024 incident that caused widespread disruption to Delta's operations, underscores the intricate relationship between airlines and their technology providers.
It also raises questions about responsibilities in ensuring system reliability and resilience in an increasingly digitised industry.
- Delta Air Lines is suing CrowdStrike for over US$500m in damages
- The lawsuit stems from a global outage in July that caused 7,000 flight cancellations
- 1.3 million passengers were affected over a five-day period
- CrowdStrike denies responsibility, blaming Delta's "antiquated IT infrastructure"
- The US Transportation Department has opened an investigation into the incident
The legal action stems from a global outage in July that resulted in mass flight cancellations and disrupted travel plans for 1.3 million customers.
According to Delta, the incident was caused by a faulty software update from CrowdStrike, which the airline describes as "catastrophic".
The lawsuit alleges that CrowdStrike "forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash".
Delta claims that the outage led to the cancellation of 7,000 flights over five days, impacting 1.3 million passengers.
The airline is seeking over US$500m in out-of-pocket losses, as well as an unspecified amount for lost profits, expenditures including attorneys' fees and "reputational harm and future revenue loss".
CrowdStrike, however, rejects Delta's claims.
In a statement, the cybersecurity firm said: "Delta's claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernise its antiquated IT infrastructure".
Tech industry implications and regulatory response
The incident has drawn attention from regulatory bodies, with the US Transportation Department opening an investigation into the matter.
This scrutiny highlights the potential for increased oversight of airlines' technology infrastructure and their relationships with software providers.
The case also inevitably raises important questions about the balance between cybersecurity measures and operational stability in the aviation industry.
As airlines continue to digitise their operations, they must navigate the complex landscape of cybersecurity threats while ensuring that protective measures do not inadvertently compromise system reliability.
Delta asserts that it has invested billions of dollars "in licensing and building some of the best technology solutions in the airline industry" as part of its IT planning and infrastructure.
However, CrowdStrike has questioned why Delta fared significantly worse than other airlines during the incident, suggesting that the problem may lie with Delta's own IT systems rather than the software update.
The lawsuit raises important questions about liability and responsibility in the event of software-related disruptions.
Delta argues that CrowdStrike is liable for the losses incurred, saying: "If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed".
This case may set a precedent for how liability is determined in similar incidents in the future, potentially influencing how airlines and technology providers approach software updates and system maintenance.
Last month, Adam Meyers, a Senior Vice President at CrowdStrike, apologised before Congress for the faulty software update.
He explained that the company had released a content configuration update for its Falcon Sensor security software, which resulted in system crashes worldwide, saying: "We are deeply sorry this happened and we are determined to prevent this from happening again".
As the legal battle unfolds, the aviation and technology industries will be closely watching the outcome.
The case could have far-reaching implications for how airlines manage their technology partnerships, how software providers approach updates and testing and how regulators oversee the intersection of cybersecurity and operational reliability in critical industries like aviation.
******
Make sure you check out the latest edition of Technology Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Technology Magazine is a BizClik brand