CrowdStrike Seeks to Dismiss Delta Air Lines Lawsuit Over July Cybersecurity Outage

CrowdStrike has moved to dismiss a lawsuit filed by Delta Air Lines related to a July cybersecurity outage that resulted in canceled flights and stranded passengers. The cybersecurity company argues that the suit violates the terms of the contract between the two parties, including a clause that limits CrowdStrike’s liability and caps damages. In its filing, CrowdStrike emphasized that Georgia law prevents Delta from turning a breach of contract claim into tort claims, citing the state’s economic loss rule.

Delta claims that the July incident cost the airline more than $500 million in canceled flights, refunds, and accommodations for affected passengers. The airline is seeking to recover these costs from CrowdStrike, but the full extent of the damage, including reputational harm and the impact of a Department of Transportation investigation, has yet to be quantified. Despite the incident, Delta continues to use CrowdStrike’s cybersecurity services, likely due to the complexity of replacing such a provider in a large organization like Delta.

CrowdStrike contends that it acted swiftly to assist Delta during the outage, but the airline reportedly rejected offers of help. According to CrowdStrike, one message from a Delta executive stated, “We are good for now.” The company also argued that Delta’s internal systems and practices contributed to the scale of the delays and cancellations, with the airline experiencing far more significant disruptions than its industry peers, who recovered more quickly from similar issues.

The cybersecurity company’s stock was heavily impacted by the outage, dropping 44%, but it has since recovered, posting strong results despite lowering its guidance due to the incident. Delta has yet to provide a statement in response to the filing.