Delta Air Lines, one of the largest carriers in the United States, recently faced a severe operational disruption due to a technology outage caused by cybersecurity firm CrowdStrike. The incident, which occurred during the peak of the summer travel season, resulted in the cancellation of thousands of flights and left countless passengers stranded. According to Delta's CEO, Ed Bastian, the financial impact of the outage is estimated to be around $500 million.
In an interview with CNBC, Bastian stated, "We have no choice but to seek compensation for the impact they caused us—half a billion dollars in just five days." The airline is now gearing up for potential litigation against CrowdStrike to recover the substantial losses incurred due to the outage. Delta has already enlisted the help of prominent attorney David Boies, chairman of Boies Schiller Flexner, in anticipation of a possible lawsuit.
The outage was particularly damaging for Delta due to its heavy reliance on both CrowdStrike and Microsoft for cybersecurity. The problematic software update from CrowdStrike led to operational failures across millions of Microsoft Windows systems, severely affecting Delta's crew-tracking system. This system is crucial for matching pilots and flight attendants to their respective flights, and its failure resulted in the cancellation of over 5,000 flights.
Bastian emphasized the airline's significant dependence on these services, stating, "We are by far the heaviest users in the industry of both services, and as a result, we were hit the hardest regarding our recovery capabilities." The Atlanta-based airline had to manually reboot approximately 40,000 servers to restore operations, a process that was both time-consuming and costly.
Despite the resumption of normal operations, with fewer than 100 cancellations across over 30,000 flights in the past week, Delta continues to face a considerable financial and reputational recovery process. The U.S. Department of Transportation is also investigating the airline's handling of the outage, adding another layer of complexity to the situation.
Bastian's remarks signal the onset of legal actions against CrowdStrike, although no lawsuits have been initiated yet. The CEO stressed the importance of thorough testing and reliability in critical operations, stating, "If you're going to have priority access to the Delta technology ecosystem, you must conduct thorough testing. You cannot enter a critical 24/7 operation and inform us of a bug."
The financial losses and operational disruptions caused by the CrowdStrike outage highlight the critical importance of robust cybersecurity measures for airlines. As Delta navigates the aftermath of this incident, the airline's experience serves as a stark reminder of the vulnerabilities inherent in today's interconnected technological landscape.