PYMNTS Intelligence Banner June 2024

Delta Plans Legal Action Amid $500 Million Hit From CrowdStrike Outage

Delta Air Lines says a recent, and massive, IT outage will cost it $500 million.

That’s according to a report Wednesday (July 31) from Bloomberg News, citing a statement from the airline that also says Delta has hired a law firm as it prepares to seek damages from the outage, which canceled thousands of flights earlier this month.

The $500 million figure is in keeping with Wall Street analysts’ estimates from last week, when Delta was still dealing with stranded passengers and the beginnings of a Department of Transportation investigation into its handling of the incident.

The trouble began with a glitch in a software update by cybersecurity firm CrowdStrike, leading to widespread outages of Microsoft’s Windows systems around the world, including at several major corporations, leading to chaos at not only airports but banks and hospitals as well.

As Bloomberg notes, many airlines were able to get back online relatively quickly, while Delta was still dealing with cancellations into the following week.

According to the report, the company’s extended recovery was due to the fact that the outage impacted an in-house system that processes changes to flights and their crews, which left Delta unable to properly align its crews and its planes.

PYMNTS examined the aftermath of the CrowdStrike outage – and other recent cybersecurity incidents – last week in a conversation with CompoSecure/Arculus Chief Product and Innovation Officer Adam Lowe.

He noted that when a software update fails, companies typically have contingency plans. But problems with essential security software like CrowdStrike can rapidly escalate, and disruptions to core functions, particularly at the Windows startup level, can be difficult to fix.

“Crises can also catalyze a shift in organizational culture, heightening awareness of cybersecurity issues and encouraging proactive behaviors among employees,” that report noted. “And proactive, hyper-aware behavior is crucial in today’s operating landscape where threat actors can move in real-time to activate new vulnerabilities and manipulate unsuspecting end-users.”

For example, cybercriminals have already tried to capitalize on the CrowdStrike outage by creating fake, malware-infected recovery manuals.

“CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu,” the company warned on its blog. “The document impersonates a Microsoft recovery manual. Initial analysis suggests the activity is likely criminal.”