InfoSec community sounds off on CrowdStrike outage, next steps CrowdStrike details errors that led to mass IT outage

CrowdStrike fires back at Delta over outage allegations

After Delta Air Lines said it would seek damages against CrowdStrike over last month's IT outage, the cybersecurity vendor's legal counsel warned it would 'respond aggressively.'

CrowdStrike took issue with Delta Air Lines' recent allegations that the cybersecurity vendor was to blame for thousands of canceled flights in the wake of last month's massive IT outage.

On July 19, CrowdStrike issued a defective configuration update for its Falcon sensors that caused approximately 8.5 million Windows systems to crash and experience reboot loops. The errant update led to IT outages for CrowdStrike customers across the globe for transportation companies, healthcare services, government agencies and other organizations.

Delta suffered some of the most prolonged and visible disruptions. Delta CEO Ed Bastian last week told CNBC the CrowdStrike update forced the airline to cancel more than 5,000 flights and cost the company approximately $500 million over five days. As a result, Bastian said Delta would take legal action against CrowdStrike to seek damages.

To that end, Delta last week hired well-known attorney David Boies, though no lawsuit has been filed yet. Boies is known for representing the U.S. Department of Justice in its landmark antitrust lawsuit against Microsoft in 2001 as well as Oracle's unsuccessful patent infringement lawsuit against Google regarding the Android OS.

On Sunday, CrowdStrike responded to Delta. In a letter to Boies, provided by CrowdStrike to TechTarget Editorial, the company's outside counsel criticized the airline's comments.

"CrowdStrike reiterates its apology to Delta, its employees, and its customers, and is empathetic to the circumstances they faced. However, CrowdStrike is highly disappointed by Delta's suggestion that CrowdStrike acted inappropriately and strongly rejects any allegation that it was grossly negligent or committed willful misconduct with respect to the Channel File 291 incident," wrote Michael B. Carlinsky, attorney at Quinn Emanuel Urquhart & Sullivan LLP, in the email.

Carlinsky said that within hours of the botched update being issued, CrowdStrike contacted Delta to offer assistance with recovery and make sure the airline was fully aware of available remediations. "Additionally, CrowdStrike's CEO personally reached out to Delta's CEO to offer onsite assistance, but received no response," he wrote. "CrowdStrike followed up with Delta on the offer for onsite support and was told that the onsite resources were not needed."

Carlinsky's email to Boies noted that other competing airlines were able to restore IT operations sooner than Delta and that CrowdStrike provided on-site assistance to other customers that helped them restore operations "much more quickly than Delta."

"Delta's public threat of litigation distracts from this work and has contributed to a misleading narrative that CrowdStrike is responsible for Delta's IT decisions and response to the outage [Editor's note: Emphasis, Carlinsky]. Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions -- swiftly, transparently, and constructively -- while Delta did not," he wrote.

Carlinsky warned that CrowdStrike will "respond aggressively" if Delta and Boies take legal action against the vendor.

A CrowdStrike spokesperson provided the following statement to TechTarget Editorial.

The letter speaks for itself. We have expressed our regret and apologies to all of our customers for this incident and the disruption that resulted. Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive to any party. We hope that Delta will agree to work cooperatively to find a resolution.

Rob Wright is a longtime reporter and senior news director for TechTarget Editorial's security team. He drives breaking infosec news and trends coverage. Have a tip? Email him.

Next Steps

CrowdStrike shareholders sue, alleging false security claims

Microsoft, SecOps pros weigh kernel access post-CrowdStrike

CrowdStrike disaster exposes a hard truth about IT

CrowdStrike outage underscores software testing dilemmas

CrowdStrike chaos casts a long shadow on cybersecurity

Dig Deeper on Security operations and management