As everyone knows by now, Delta had a massive operational meltdown a couple of weeks ago, whereby over 7,000 flights were canceled, and even more flights were delayed.
While the initial cause of the issues was a faulty CrowdStrike software update, the scale of Delta’s problems was partly due to the company’s lackluster crew scheduling software, which is why Delta recovered so much slower than its competitors.
Delta has tried to do everything it can to avoid taking accountability in this situation and has vowed to sue CrowdStrike to recover the losses from this incident. With Delta having done so much to publicly shame CrowdStrike, the cybersecurity giant is now striking back (as is Microsoft, separately)…
In this post:
CrowdStrike accuses Delta of misleading narrative
As flagged by @David_Slotnick, legal counsel for CrowdStrike has just sent a letter to Delta’s counsel, accusing the Atlanta-based airline of creating a misleading narrative surrounding the meltdown. I want to share the main part of the letter in full, because, oh my, this is quite something:
CrowdStrike reiterates its apology to Delta, its employees, and its customers, and is emphathetic to the circumstances they faced. However, CrowdStrike is highly disappointed by Delta’s suggestion that CrowdStrike acted inappropriately and strongly rejects any allegations that it was grossly negligent or committed willful misconduct with respect to the Channel File 291 incident. Your suggestion that CrowdStrike failed to do testing and validation is contradicted by the very information on which you rely from CrowdStrike’s Preliminary Post Incident Review.
CrowdStrike worked tirelessly to help its customers restore impacted systems and resume services to their customers. Within hours of the incident, CrowdStrike reached out to Delta to offer assistance and ensure Delta was aware of an available remediation. Additionally, CrowdStrike’s CEO personally reached out to Delta’s CEO to offer onsite assistance, but received no response. CrowdStrike followed up with Delta on the offer for onsite support and was told that the onsite resources were not needed. To this day, CrowdStrike continues to work closely and professionally with the Delta information security team.
Delta’s public threat of litigation distracts from this work and has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage. Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions — swiftly, transparently, and constructively — while Delta did not. Among other things, Delta will need to explain:
- Why Delta’s competitors, facing similar challenges, all restored operations much faster.
- Why Delta turned down free onsite help from CrowdStrike, professionally who assisted many other customers to restore operations much more quickly than Delta.
- That any liability by CrowdStrike is contractually capped at an amount in the single-digit millions.
- Every action, or failure to act, by Delta or its third-party service providers, related to the Channel File 291 incident.
- The design and operational resiliency capabilities of Delta’s IT infrastructure, including decisions by Delta with respect to systemwide upgrades, and all other contributory factors that relate in any way to the damage Delta allegedly suffered.
In light of Delta’s July 29 letter, CrowdStrike must also demand that Delta preserve all documents, records, and communications of any kind — including emails, text messages, and other communications — in the possession, custody, or control of Delta, its officers and directors, and employees concerning, but not limited to, the items listed above. As I am sure you can appreciate, while litigation would be unfortunate, CrowdStrike will respond aggressively, if forced to do so, in order to protect its shareholders, employees, and other stakeholders.
My take on CrowdStrike’s response to Delta
I’m (obviously) no legal scholar, and I also don’t know the details of CrowdStrike and Delta’s contract regarding liability for incidents like this.
When we learned that Delta planned to sue CrowdStrike to recover losses from the incident, I was highly skeptical — sure, Delta should get some compensation for the initial meltdown. Still, Delta executives have been acting as if they’ll be made whole, and as if they had no part in all of this.
From an optics standpoint, I’ve gotta say that this CrowdStrike letter is incredibly well written. CrowdStrike backed Delta into a corner here, and if this does go to court, I can’t imagine Delta would end up looking very good:
- Delta would have a heck of a time explaining why it turned down CrowdStrike’s help after the incident
- This would expose how lackluster Delta’s crew scheduling software is, and how the airline underinvested in this
- The communications among Delta executives following the outage sure would be interesting
Suffice it to say that this could get very interesting. It seems likely that Delta and CrowdStrike will settle and split the difference here because I can’t imagine Delta wants all of this to come out. But who knows, since I get the sense that many Delta executives truly believe the airline played no part in this…
Bottom line
CrowdStrike is defending itself against Delta’s claims. CrowdStrike’s legal counsel states that Delta turned down its help after the meltdown, that Delta’s CEO didn’t respond to CrowdStrike’s CEO, and that it’s Delta’s own issues that caused the severity of the meltdown. This should get fun…
What do you make of CrowdStrike’s response to Delta?
My hats off to crowdstrike ceo, all other airlines accepted the help from crowdstrike support team and as I read this, Delta had issues in past with their reservations, cancelations as they call mechanical issue, I know been canceled many times. Now The truth comes out that delta don't want to expose, more lawsuits from passengers and I believe that the CEO of Delta and top board members should all resign, I dumped Delta stocks...
My hats off to crowdstrike ceo, all other airlines accepted the help from crowdstrike support team and as I read this, Delta had issues in past with their reservations, cancelations as they call mechanical issue, I know been canceled many times. Now The truth comes out that delta don't want to expose, more lawsuits from passengers and I believe that the CEO of Delta and top board members should all resign, I dumped Delta stocks and bought more crowdstrike stocks. Delta will back off. This is my opinion from reading the article and known of Delta issues with bookings
Delta’s response to this situation merely reflects its typical superiority complex in everything it does. Yes, Delta has done much better than its competitors in the post deregulation atmosphere, but Delta’s belief it is right in everything it does is a fantasy.
Any settlement Delta is entitled to should be paid out in worthless Skypesos!
‘May I have your attention please?
May I have your attention please?
Will the real Tim Dunn please stand up?
I repeat, will the real Tim Dunn please stand up?
We're gonna have a problem here.’
This letter made my day! Still LMAO. DL gets what it was asking for by being so pompous and obnoxious in the way that they've chosen to do business.
Here in Europe there is quite some debate about the details of the CrowdStrike contractual terms of use. Apparently, they state that their software should not be used for mission critical applications, listing a number of those. Apparently it was mission critical for Delta. On the other hand, it is doubtful if such a blanket exception is legally enforceable.
On a side note: The list of explicitly ruled out applications contains air traffic control. It...
Here in Europe there is quite some debate about the details of the CrowdStrike contractual terms of use. Apparently, they state that their software should not be used for mission critical applications, listing a number of those. Apparently it was mission critical for Delta. On the other hand, it is doubtful if such a blanket exception is legally enforceable.
On a side note: The list of explicitly ruled out applications contains air traffic control. It will be interesting to see how ATC enterprises will save themselves …
The damage to Delta is in the Millions$$.
Good for Crowdstrike to come back with the "best defense is a good offense" defesne strategy.
The only winners in this is the attorneys.
So I will end with this question: What is black and brown and looks good on an attorney? A: A Doberman.
Objection!
Defendant is discriminating a cute being by its skin color.
Regardless of the outcome, Delta execs will make sure the cost to fix this comes out of us. So expect higher fares, lower service and even worse app experience!
this site is clearly not the place for intelligent, balanced perspective but a few tidbits might highlight what is at stake
CrowdStrike's market cap has fallen by 45% over the past month, representing more than $40 billion in wealth wiped away.
Delta says this will cost them $500 million - assuming they didn't succeed at legal recovery- which represents about 10% of their previously expected annual profit for 2024 and less than 5% of...
this site is clearly not the place for intelligent, balanced perspective but a few tidbits might highlight what is at stake
CrowdStrike's market cap has fallen by 45% over the past month, representing more than $40 billion in wealth wiped away.
Delta says this will cost them $500 million - assuming they didn't succeed at legal recovery- which represents about 10% of their previously expected annual profit for 2024 and less than 5% of their annual revenue.
DAL stock is right in line w/ the airline industry which has fallen on macroeconomic fears.
Anyone that doesn't realize how skewed the impact of this is skewed AGAINST CRWD and in DL's favor simply isn't interested in the truth.
CRWD is fighting for its survival and will go to all ends to try to convince the world that they did nothing wrong - but taking down tens of millions of computers worldwide, issuing an apology, and pointing to a tiny little amount of liability they MIGHT have IS destroying their business and far beyond DL.
DL can keep this going as long as it is clear they can inflict more financial pain on CRWD.
and a PASSENGER class action law suit was filed today against CrowdStrike.
Just wait until other sectors of the economy do the same at the behest of hungry lawyers.
This isn't going away and CRWD will be the one most hurt.
This CRWD's market cap has fallen from about $54 to about $38 since May 14, 2024 (long before this event). It was about $45.50 before the event, and fell to today's close of $37.95 (along with everything else in the market (including DAL), DAL closed at $45.44 on 19 Jul and closed today at $38.01, so this is pretty similar.
I love flying on DAL - but it seems to me like DAL blew...
This CRWD's market cap has fallen from about $54 to about $38 since May 14, 2024 (long before this event). It was about $45.50 before the event, and fell to today's close of $37.95 (along with everything else in the market (including DAL), DAL closed at $45.44 on 19 Jul and closed today at $38.01, so this is pretty similar.
I love flying on DAL - but it seems to me like DAL blew it.
The faulty CRWD logic code was in "Channel File 291" with timestamp 2024-07-19 0409 UTC. They caught the problem and issued a repaired update with timestamp 2024-07-19 0527 UTC (about an 1 hour 18 minutes later). After that time - it seems to me that it was to DAL IT responsibility. The fact that CRWD went the extra mile to help their customers may be the reason that DAL originally selected CRWD as a vendor to begin with. It seems to me that DAL IT made a big mistake by not taking advantage of CRWD expertise.
You imply that there is no limitation of liability, and may have access to the contract between CRWD and DAL and know that this is no cap to CRWD liability - but software contracts "always" have a limitation of liability (often 1x Fees Paid and sometimes 3x Fees Paid, and "not to exceed some fixed amount like $1,000,000 or $3,000,000. If CRWD does not have a Limitation of Liability - they deserve whatever amount DAL can extract!! Of course, DAL probably should be removing the CRWD app from their computers right now now.
@Tim Dunn...are you a lawyer now? How did you earn your JD while also posting all of the time?
Then again, students could earn their BA's by studying your neurosis.
I think Delta is trying to convince the world minus Tim Dunn that they did nothing wrong.
Tim Dunn wrote:
‘There is no need for an apology from Crowdstrike if you did nothing wrong.’
So, this is very telling of Delta then. As Ben have repeatedly pointed out Delta is blame shifting and has not even offered a sincere apology and no real explanation for what happened (Just blaming Crowdstrike is not a real...
I think Delta is trying to convince the world minus Tim Dunn that they did nothing wrong.
Tim Dunn wrote:
‘There is no need for an apology from Crowdstrike if you did nothing wrong.’
So, this is very telling of Delta then. As Ben have repeatedly pointed out Delta is blame shifting and has not even offered a sincere apology and no real explanation for what happened (Just blaming Crowdstrike is not a real clarification). This is why Delta is not offering a heartfelt apology because they believe that they did nothing wrong. Companies that don’t apologize want to minimize responsibility for their actions. It would mean that they are at fault. DL is never wrong in their and TD’s opinion.
At least, Crowdstrike acknowledged its mistake and used the actual word ‘apology’ in its letter to Delta. It also provided a much clearer explanation as to what happened, what it did to fix the issue, and how Delta rejected their help because Delta is so premium that it it has to fix anything to the highest standard of premium.
By the way, Crowdstrike also hired very prominent and capable lawyers:
https://www.reuters.com/legal/litigation/lawyers-line-up-crowdstrike-delta-litigation-looms-over-outages-2024-08-05/
As a customer I really don’t care about Delta’s share price. I care about service, product and reliability. Delta wasn’t able to provide me with any, and an 18hr trip ended up being more than 72.
Delta cut corners on their IT system - just look at how limited the app is. I’m overseas now, trying to modify a reservation, the app doesn’t work and been chatting with 4 different agents and still the...
As a customer I really don’t care about Delta’s share price. I care about service, product and reliability. Delta wasn’t able to provide me with any, and an 18hr trip ended up being more than 72.
Delta cut corners on their IT system - just look at how limited the app is. I’m overseas now, trying to modify a reservation, the app doesn’t work and been chatting with 4 different agents and still the change hasn’t happened.
Those $500M shouldn’t come out of our pockets as “customers” but those should come out of execs bonuses/salaries and he’s, dare I say it, shares. Bad companies are bad investment… but we all know what’s gonna happen… they will pass on the bill to us! Tax payers! And somehow that’s capitalism. It’s capitalism when bailing out a company but it’s socialism when helping out an individual. Got it!
Oh one more thing, during this whole delay fiasco, on that Sunday, I called to change a CDG flight out of Atlanta and the Diamond desk agent said and I quote “allow me to see why the flight was delayed first”!! Were they trying to collect additional $$ or pin this down on weather!
Agents were initially told to treat this event the same way they would treat a flight affected by weather--as in, an event out of the airline's control. That's part of why you saw a lot of social media posts early on about DL refusing to help/reimburse stranded flyers.
Right on the fluff Timmy. Talking about market cap.
Didn't sometime in early 2021 GameStop had a market cap around 20 Billion or around 80% of Delta during the same time?
Now go ahead and fluff about 'truth'.
While customer have repeatedly saying (especially to Timmy) they don't give a cookie dough arse about stocks, profits, A350-1000, ATL, etc. They care most about the product and service. (none of which is in any of your fluff since even before the meltdown)
Tim, it's not about who is loosing worse between CRWD and DL, it's about DL's flop compared to the rest of the industry.
I assume most of us here aren't cyber security analysists, and likely most of us don't hold CRWD stock. We don't care if they're hurting, we're just hear to laugh at how terrible DL handled the whole situation.
You can say "DL is gonna make them hurt" all you want. Successful or...
Tim, it's not about who is loosing worse between CRWD and DL, it's about DL's flop compared to the rest of the industry.
I assume most of us here aren't cyber security analysists, and likely most of us don't hold CRWD stock. We don't care if they're hurting, we're just hear to laugh at how terrible DL handled the whole situation.
You can say "DL is gonna make them hurt" all you want. Successful or not in hurting CRWD's market cap, DL is still going to lose hundreds of millions and look like the buffoons of the airline industry.
Funny / random tidbit -- right after this happened, Delta has privatized the Bulgari Hotel in Paris. As in, good luck even entering the hotel unless you can prove you are with Delta Airlines.
Probably they arranged this in advance but I did think it was funny that while passengers are struggling to get reimbursed, Delta & Co had completely booked out a min $2k/night hotel in Paris.
Would a Tim Dunn cookie dough rewards card be enough proof to enter?
I’m curious whether Delta’s CIO/CTO was attempting to pull the blinders on the CEO to take the heat off of his/ her shoulders.
What other reason would Delta’s top executive have for not accepting or thanking CS for the offer.
The CEO of Delta was likely thinking the offer was to prevent negative attention from festering beyond what it already was.
A responsive collaboration of some sort would have been appropriate.
Hubris, of course.
Ben,
Let me compliment you on a well written and informative article. So many stories written today rely on ChatGPT and lack substance.
My family and I were caught up in the Delta meltdown forcing us in to two extra days of vacation. I ended up buying tickets on Southwest to get home because they still use Windows 3.1. Oh the irony
To their credit, I have already been refunded my return...
Ben,
Let me compliment you on a well written and informative article. So many stories written today rely on ChatGPT and lack substance.
My family and I were caught up in the Delta meltdown forcing us in to two extra days of vacation. I ended up buying tickets on Southwest to get home because they still use Windows 3.1. Oh the irony
To their credit, I have already been refunded my return ticket cost, extra hotel night fees and rental car usage by Delta. If only their crew scheduling software had been that responsive!
At least they didn't just send a GIF of the Simpsons NELSON going HA-HA.
This feels right to me. Whenever you work with vendor software and it fails because of their update or existing code, the vendor sends people to do the heavy lifting to correct the software. You as the custome IT mostly sit back but assist in the operation. IF you are not requesting their on site support that either means you are still dealing with your own system being offline or the problem is not at...
This feels right to me. Whenever you work with vendor software and it fails because of their update or existing code, the vendor sends people to do the heavy lifting to correct the software. You as the custome IT mostly sit back but assist in the operation. IF you are not requesting their on site support that either means you are still dealing with your own system being offline or the problem is not at crowdstrikes periphery. Yes. Their software may have initiated a shutdown or resources going offline which crowdstrike would be culpable for but by declining on site support you are actively telling them the ongoing problem is either no longer vendor related or you are still not at a point where your system is ready for their repair. My guess at having seen this kind of mess for 3 decades, delta servers probably got hosed and corrupted when they tried to recover, they never tested their recovery procedure and this is the first time they have a full recovery situation and realize they don't have all the backup they need for full automated restore so they are having to recover manually which would take days. The various IT are tasked with manually reinstalling software, recreating user permissions, rebuilding their DBs and manually reloading the data back into newly created databases. And if they are mostly outsourced even more screwed because they don't do improvising. One small non outsourced team is probably having to go dept by dept with painfully detailed tasks and write up scripts for outsource to follow.
@Bob...appreciate your comment. I know you likely don't have full insight into other companies or industries...but what's your speculation as to why DL did not perform at the same level as AA/UA with the recovery? And why some other airlines were seemingly not affected?
Always treat your customers according to their values.
Therefore, CrowdStrike should apologize and offer Delta 10,000 SkyPesos as compensation.
Haha
There is no need for an apology from Crowdstrike if you did nothing wrong.
They did a whole lot wrong - the largest IT failure in the history of mankind - which is they are in full CYA mode.
Crowdstrike released code which failed on millions of computers. How fast anyone else recovered is meaningless because there is no public way for anyone to compare the architecture and what had to be recovered.
There...
There is no need for an apology from Crowdstrike if you did nothing wrong.
They did a whole lot wrong - the largest IT failure in the history of mankind - which is they are in full CYA mode.
Crowdstrike released code which failed on millions of computers. How fast anyone else recovered is meaningless because there is no public way for anyone to compare the architecture and what had to be recovered.
There are still medical systems and other computers that are not fully recovered; this is not just about Delta.
The line from CRWD's CEO that their liability is limited to a couple million dollars IS an admission of guilt. You don't apologize and then say "but we are only limited to a couple million dollars" if you did nothing wrong.
It doesn't matter what any of us think and this isn't about rooting for or against anyone.
The legal system and perhaps real Americans that see big tech abusing its power will decide but you can bet that there is very much a case for severe negligence when a company takes down hundreds of millions of computers and costs tens of billions of dollars in damage worldwide.
This may be an aviation site but the implications ALWAYS were much larger than DL.
The chances that DL and other companies will get something - maybe not as much as $500 million - are very high.
What the fluff?
We keeping sight that DL took what 5 days more than all their competitors - it’s funny how poorly DL is able to manage it self with curve balls. It proves they are fragile and listening to certain people cheerleading. The only way you fix things is you have to admit you have a problem first. Certain people can’t be objective so it makes for great laughs. Can’t tell you the number of loyal DL fliers have moved on from them in my group of road warriors
Which means absolutely nothing without knowing the difference in the systems each airline ran.
It’s Ben speak and not anything associated with real life
Ben has made a name for himself being the Delta bashing rid but he is as clueless about what happened or why as you are.
And you can’t say how many passengers have left Delta because it is a dream. You do remember how much you said that Delta...
Which means absolutely nothing without knowing the difference in the systems each airline ran.
It’s Ben speak and not anything associated with real life
Ben has made a name for himself being the Delta bashing rid but he is as clueless about what happened or why as you are.
And you can’t say how many passengers have left Delta because it is a dream. You do remember how much you said that Delta monopolizes its hubs?
CNN in Atlanta even recognizes that Delta will lose few passengers
There are more passengers that have left American for Delta over the past year than Delta for anyone else
Btw count the number of cancellations over the past two days and Delta was well below American and United
TL;DR
Tim accuse everyone of being clueless.
But Tim magically has all the explanations, numbers, (made up) facts.
Fluff you, this is typical Tim.
By the way, cancellation of the past 2 days regardless of how irrelevant it is?
Why not compare number cookie dough served in the last 2 days? It still proves the same point you're making.
Dear Tim, I hope you are throughly enjoying the continued #Deltageddon !
Who do you want to play you in the movie they make about this?
So nice to see our very own Ben's OMAAT post cited in the letter. :)
I LOVE it!!! And maybe Delta could also explain why, in the midst of this immense conflagration, it was a good idea for the CEO and Senior Leaders to take first class trips to Paris for the Olympics. Granted, they waited a week to do this after it was pointed out to them by management that this might not be the best time for them to go on such a trip.
A true leader wouldn't have left at all. They would've stayed in the trenches with their people. Optics matter--doubly so for a company obsessed with crafting narratives and keeping up appearances.
Oof, I really hate to see DL utterly dressed down and embarrassed like this, particularly when it was highly predictable that this would happen and current management blithely stepped on this rake anyway. As unfortunate as it is, it looks like CrowdStrike really has the goods on DL here.
CrowdStrike has its pants down. Their legal counsel is a sh!t tier firm that allows all their lawyers to WFH and wear jeans.
WFH *and* wearing jeans?! Heavens to Betsy!
Except in court!
Everyone slow down and please leave politics out of this discussion.
Right now the most important issues in this "battle of the letters" are:
1. The asserted existence of a contractual cap on Crowdstrike's liability, and what legal options are there permitting Delta to avoid its operation;
2. The comparison of Delta's recovery as compared to other airlines (Unite and American), and the evidentiary issues at trial illustrating that Delta's problems were internal;
3....
Everyone slow down and please leave politics out of this discussion.
Right now the most important issues in this "battle of the letters" are:
1. The asserted existence of a contractual cap on Crowdstrike's liability, and what legal options are there permitting Delta to avoid its operation;
2. The comparison of Delta's recovery as compared to other airlines (Unite and American), and the evidentiary issues at trial illustrating that Delta's problems were internal;
3. Most importantly, the demand by Crowdstrike's counsel that Delta preserve all documents relating to the incident. A demand to preserve evidence is a strong pre-litigation tool and would cover almost everything Delta said/did during the crisis, including of course what steps Delta had to take to get back to full operations including software changes.
What we haven't seen is any communications between Crowdstrike and United/American as far as liability. Those airlines probably have the same liability cap in their contracts and may well have simply accepted that compensation and moved on.
Meh, the document preservation demand is a formality. Even without the letter, Delta would be in deep trouble if it hadn't been preserving these records when it has been publicly threatening litigation.
Typical crowdstrike arrogance. The lack of real accountability is astonishing. I wish someone would investigate George Kurtz and the actual Crowdstrike technology. One of the most dishonest companies you will find.
They did the same thing with Zuckerberg a few years ago.
Committee are as old as Joe Biden grilling a tech executive who is young enough to date their great grandkids. What'd you think the outcome will be.
Seems to me that both Crowdstrike and Delta feel they are really tight with the Democrat party, and that their political connections will be their ultimate trump card (can I still use that word?) when this gets to a court. In today's progressive US, the final decision will be one directed by political players and not based on a strict ruling of what the controlling case law requires (unless it can make it all the...
Seems to me that both Crowdstrike and Delta feel they are really tight with the Democrat party, and that their political connections will be their ultimate trump card (can I still use that word?) when this gets to a court. In today's progressive US, the final decision will be one directed by political players and not based on a strict ruling of what the controlling case law requires (unless it can make it all the way to the SC.)
One of them is going to get thrown under the bus. Will be perversely fun to watch it play out.
Go away. You just get in the way of an adult conversation about how to run a business.
Troll.
What garbage. You clearly have no idea how the American judicial system actually functions. Take off the tinfoil hat and get an education.
Does nobody take accountability any more? Crowdstrike very clearly made a sizeable mistake and Delta's poor legacy systems compounded that as demonstrated by how much worse they handled their outage relative to competitors in the marketplace. Both Delta's initial letter and Crowdstrike's response have the substance of a toddler playground argument with professional, legal veneer.
A shameful commentary on where we are as a society where accountability is so impossibly rare.
Does nobody take accountability any more? Crowdstrike very clearly made a sizeable mistake and Delta's poor legacy systems compounded that as demonstrated by how much worse they handled their outage relative to competitors in the marketplace. Both Delta's initial letter and Crowdstrike's response have the substance of a toddler playground argument with professional, legal veneer.
A shameful commentary on where we are as a society where accountability is so impossibly rare.
I keep hearing noises from my basement- some words in between sobs:
"I'll show them a strongly worded letter!!! My portfolio will survive!!!"
Lol Crowdstrike’s letter refers to the OMAAT post as source on Delta’s slower recovery!
https://x.com/David_Slotnick/status/1820286332347760672
Delta’s top lawyers will now be digging through all 290+ comments in that post. They must be wondering who a certain person mentioned often in there is ;)
Could they summon him as a witness?
I want to cry.
Real Tim wouldn’t cry.
The BIG issues here is if Delta does get any type of settlement, then the remaining airlines, airports, hotels, hospitals, media, colleges, etc, etc, etc will want their share.
To handle each of these as out of court settlements with Do Not Disclose Agreements (DNA) would be costly, time consuming, and contrary to the image of Crowdstrike.
Also, what is the culpability of Microsoft? It has the deepest pockets, but will require CrowdStrike...
The BIG issues here is if Delta does get any type of settlement, then the remaining airlines, airports, hotels, hospitals, media, colleges, etc, etc, etc will want their share.
To handle each of these as out of court settlements with Do Not Disclose Agreements (DNA) would be costly, time consuming, and contrary to the image of Crowdstrike.
Also, what is the culpability of Microsoft? It has the deepest pockets, but will require CrowdStrike to contribute to the kitty before entertaining any type of compensation.
Based on its own abysmal reputation for software updates, it may just walk away scott free with CrowdStrike holding the bag!!
This could easily end up like the asbestos trust or the Deep Sea Horizon settlement plan. Lots of law suits and counter suits; lots of billing by the hour; and eventual class action status.
Eventually, a plan is put before a judge, a pool of money is established. Once you partake in the pool, any claims against the defendants are dismissed.
This whole mess could take 5 to 6 years to resolve.
The ball is in play….makes interesting reading as the years go by!
I'm not a lawyer, but if the contractual cap on liability is enforcible, going to court will only run up Delta's legal services cost without increasing their payout. I'm assuming that the damages attributable to CrowdStrike will hit or exceed the cap in the case of Delta. The damages for other airlines may not hit the cap, and they could go to trial to try to push the payout as close as possible to the...
I'm not a lawyer, but if the contractual cap on liability is enforcible, going to court will only run up Delta's legal services cost without increasing their payout. I'm assuming that the damages attributable to CrowdStrike will hit or exceed the cap in the case of Delta. The damages for other airlines may not hit the cap, and they could go to trial to try to push the payout as close as possible to the cap, but I suspect most will negotiate a settlement and move on. Ed Bastion, on the other hand, may have put himself in a position where its hard to back down.
The whole idea is to show gross negligence on the part of CrowdStrike and/or Microsoft. If so, this will set a precedence for the flood gates to open and the rest to make their claim. To prevent this, CrowdStrike may throw out a pool of money as settlement and live another day. In an extreme example, CrowdStrike could declare Chapter 11 which throws a monkey wrench in any settlement talks. Same thing that my local...
The whole idea is to show gross negligence on the part of CrowdStrike and/or Microsoft. If so, this will set a precedence for the flood gates to open and the rest to make their claim. To prevent this, CrowdStrike may throw out a pool of money as settlement and live another day. In an extreme example, CrowdStrike could declare Chapter 11 which throws a monkey wrench in any settlement talks. Same thing that my local Catholic Church is doing as part of its settlement of claims.
Lots and lots of maneuvering...lots and lots of hourly billing by attorneys.....what a gold mine!!
This shouldn't be nearly as complex and costly as mass torts like asbestos and Deepwater Horizon. Usually, the existence of a contract governing a relationship between the parties precludes tort claims for financial injury. That should simplify matters immensely. (That's not to say this will be a quick/easy case.)
CrowdStrike is right regarding capping of liability. Generally, clients and suppliers have an agreement that defines Service Level Agreement (SLAs) regarding downtime and when resources will be up and running after an incident. They also generally define what compensation might be if the SLAs aren’t met. It’s doubtful that litigation would result in a settlement that would be net beneficial financially. Delta is clearly trying to smear CrowdStrike, so I’m for the drama here.
CrowdStrike is right regarding capping of liability. Generally, clients and suppliers have an agreement that defines Service Level Agreement (SLAs) regarding downtime and when resources will be up and running after an incident. They also generally define what compensation might be if the SLAs aren’t met. It’s doubtful that litigation would result in a settlement that would be net beneficial financially. Delta is clearly trying to smear CrowdStrike, so I’m for the drama here.
SLAs are valid unless Gross Negligence by the supplier. Likely what Delta will claim. Not having redundant checks on QA software prior to releases to multiple simultaneous customers seems rather negligent when it impacts 100s of companies and effectively causes a global standstill for several hours / days.
Additionally, the contract is only enforceable until it's challenged. Boiler plate contract language is usually riddled with holes that savvey attorneys can exploit.
SLAs are valid unless Gross Negligence by the supplier. Likely what Delta will claim. Not having redundant checks on QA software prior to releases to multiple simultaneous customers seems rather negligent when it impacts 100s of companies and effectively causes a global standstill for several hours / days.
Additionally, the contract is only enforceable until it's challenged. Boiler plate contract language is usually riddled with holes that savvey attorneys can exploit.
JP, while I agree, it is also negligent for an organization to not test updates before deploying them to production. Delta is large enough to have that type of testing pipeline. It is also incredibly negligent to not have a Business Continuity Plan that addresses the loss of such a critical software application to operations such as crew scheduling. This is especially egregious given the SouthWest meltdown in late 2022. The fact that the application...
JP, while I agree, it is also negligent for an organization to not test updates before deploying them to production. Delta is large enough to have that type of testing pipeline. It is also incredibly negligent to not have a Business Continuity Plan that addresses the loss of such a critical software application to operations such as crew scheduling. This is especially egregious given the SouthWest meltdown in late 2022. The fact that the application in question could not handle the scheduling change demands post remediation is not the failing of Crowdstrike. It is completely a failing of Delta, and it's choices to not invest in the product. This goes for not having diversity in their IDS choices across their IT ecosystem, as well.
It has been incredibly disappointing to watch Delta do everything it can to avoid any kind of responsibility in the matter, and to act like victims. That does not bode well for improvement or learning.
Crowdstrike was so stupid to send this letter. As the British would say, Crowdstrike are retards.
Delta has a top litigator on their side. Delta will be compensated to the moon and back.
Thanks Paul. We all appreciate your insight.
Sarcasm?
Ed Bastian is surrounded full of yes men at Virginia Avenue.
After he pushed out everyone else, it's no surprise that management somehow agreed with him here that that's a good idea, blaming Crowdstrike.
This is not a letter you send if you’re looking for a settlement. It’s certainly not a letter you distribute to the press if you’re looking for a settlement. Crowdstrike doesn’t have the moral high ground here. It’s not one of the passengers impacted by the event. It caused the event. I don’t get their legal strategy, as putting this letter out will just piss off Delta and make litigation that much more probable.
In what way does CrowdStrike not have the "moral highground"? If they can show all contractual requirements were met and they offered add'l support assistance - twice, it seems - which was subsequently turned down, then CrowdStrike won't need whatever "moral highground" you wrongfully assign companies. Especially when no other airlines were as affected. In fact, I'd say CrowdStrike has the legal, defensive highground to refute Delta's claim. That's what I read from this latter....
In what way does CrowdStrike not have the "moral highground"? If they can show all contractual requirements were met and they offered add'l support assistance - twice, it seems - which was subsequently turned down, then CrowdStrike won't need whatever "moral highground" you wrongfully assign companies. Especially when no other airlines were as affected. In fact, I'd say CrowdStrike has the legal, defensive highground to refute Delta's claim. That's what I read from this latter. It's a "Come and get it, Delta!" letter from CrowdStrike.
And given how terrible Delta's IT seems to be - case in point this meltdown, I'm going to trust the data security company over that travel brand, and have a pretty good feeling CrowdStrike has various logs and other data, in the TBs, to show what UA and AA and literally every other customer did/had, and where Delta failed.
You're right about one thing, this does NOT sound like a letter from a party looking for a settlement.
You must have Crowdstrike stock to be apologizing this much for them. They made one of the biggest blunders in computing history, think about that.
Not sure why you are acting like other airlines were perfectly fine. There are lot of angry customers across MANY industries beyond just the airlines, too.
One of my best friend had a flight delayed over 24 hours that day. It wasn't Delta, it was AA. So don't act like other airlines made out fine here.
Crowdstrike caused the event. Offering additional support assistance after you’ve harmed someone doesn’t erase the harm. Offering to pay someone’s medical bills after you’ve caused them injury doesn’t erase the fact that you’ve injured them. I’m sure Delta would have accepted Crowdstrike’s offer of assistance if they thought it was going to do them any good. As other lawyers have pointed out in other posts, there are plenty of ways around the contract terms. The...
Crowdstrike caused the event. Offering additional support assistance after you’ve harmed someone doesn’t erase the harm. Offering to pay someone’s medical bills after you’ve caused them injury doesn’t erase the fact that you’ve injured them. I’m sure Delta would have accepted Crowdstrike’s offer of assistance if they thought it was going to do them any good. As other lawyers have pointed out in other posts, there are plenty of ways around the contract terms. The buyer’s expectation around those limitations of liability have to do with Crowdstrike’s missing a threat, not around Crowdstrike being the threat.
Crowdstrike still has 2x the market cap of DL. Limits of liability terms on these contracts are very very tight even with negligence. I negotiate these for a living and most favorable terms I have ever negotiated were 6X yearly spend. And that was a $1B/5-year contract. This goes to court (most likely in a jurisdiction friendly to the SW provider - another term that Crowdstrike wouldn't give up to maybe a $5-10M contract) DL has a very uphill climb.
This letter is absolutely disgraceful. Not a way to address your customers after you screw them over with an improperly created code. Hopefully Delta doubles down on their refutation of this questionable organization.
Perhaps people will take their business elsewhere. I know I will be.
1000% agree from my perspective at a V10.
Delta is the only customer of Crowdstrike that is being extremely vocal about trying to pin their own shortcomings on Crowdstrike through litigation. Delta having retained a high profile litigation lawyer, I will not say ambulance chaser, Crowdstrike has to respond in kind.
And as Delta has taken the very public road of whataboutism in blaming Crowdstrike, Crowdstrike will need to refute it in the public domaine too.
I don't think Delta has thought...
Delta is the only customer of Crowdstrike that is being extremely vocal about trying to pin their own shortcomings on Crowdstrike through litigation. Delta having retained a high profile litigation lawyer, I will not say ambulance chaser, Crowdstrike has to respond in kind.
And as Delta has taken the very public road of whataboutism in blaming Crowdstrike, Crowdstrike will need to refute it in the public domaine too.
I don't think Delta has thought this through, when they argue that Crowdstrike is liable for the full damages, a parallel step Delta is being liable for passengers' missed cruise due to a Delta delay.
The footnote in the letter references this blog!
Delta is acting like a Karen, and CrowdStrike has responded accordingly. I doubt many of CrowdStrike's major customers see a problem with that.
Wow! What a satisfying letter. I’d love to be Crowdstrike’s lawyer that wrote it.
But at least when Bastian ran away in the middle of the catastrophe he got good seats at the Olympics. It's appallingly obvious that that's not the case but Delta's BOD would have fired Bastian if they actually cared about - you know - those passenger people.
I’ll add - look up egg shell plaintiff rule.
I did Google it, seems to be applicable in personal injury law.
But I guess the condition, if applicable here, is that Delta goes on record to document that their system resilience was "made of egg shells". That they want to be compensated for running a crappy system.... Not sure they'd want to do that.
I’m not defending Delta. I’m also not a lawyer. I’m just saying there’s a concept at play here that Delta’s recovery process being terrible doesn’t let Crowdstrike off the hook at all.
Let’s be clear - Crowdstrike released code to millions of systems with less testing than I do for a fraction of a fraction of a percent of systems. That’s extremely negligent behavior.
Crowdstrike released code, code that took out I don't even know how many end points. But there were also unaffected end points based on the same update. What caused some to be fine and some to fail?
No doubt Crowdstrike did not do their full homework, but the IT departments around the world did also not do their job by uncritically releasing the update to their networks. Each network is unique, the parameters of how...
Crowdstrike released code, code that took out I don't even know how many end points. But there were also unaffected end points based on the same update. What caused some to be fine and some to fail?
No doubt Crowdstrike did not do their full homework, but the IT departments around the world did also not do their job by uncritically releasing the update to their networks. Each network is unique, the parameters of how end points are configured differs company to company, it should alps be tested in house before being released.
If a case is ever filed, it will almost certainly be decided based on the terms of the relevant contract(s), not tort law principles. (But if we're arguing tort law principles, Delta's contributory negligence would seem to be far more relevant here.)
20 year IT pro.
The logistics of having outside help can be complicated. Not surprising at all to turn that down for a situation that would be resolved in a day on the tech side.
Not sure how Delta having issues of their own relieves Crowdstrike of any legal issues.
Make no mistake, Crowdstrike *really* screwed up. Delta is like the passenger not wearing a seatbelt and Crowdstrike is the driver of the car with a .2 BAC.
Crowdstrike is the driver of the car with a .2 BAC, and Delta is like the passenger not wearing a seatbelt who then refused medical attention and instead decided to walk 20km home in the rain without a jacket.
And Delta customers are like that passengers underwear. Absorb all the shit from the passenger walking home in the rain. With no choice or recourse.
At home, they just throw the underwear away and blame it on the rain. Same time, also giving a self back pat and rewarding yourself 2 positive space tickets for making it home in the rain.
As the gays say, they ate them so bad.
Delta continues to take no responsibility for their actions leading to a massive mess. If they go to court and the facts are exposed, all the better! Hopefully Delta executives will finally see the effects of their hubris laid out in their faces.
The executives might, but Mr. Dunn won't.