Dive Brief:
- Delta Air Lines expects the CrowdStrike outage to cost it $380 million in revenue for its September quarter, driven by customer refunds and compensation through cash and SkyMiles, the company said in a Thursday securities filing.
- The airline canceled 7,000 flights in five days in the aftermath of a sweeping IT outage caused by a faulty CrowdStrike update last month, disrupting the travel plans of 1.3 million customers. “We are pursuing legal claims against CrowdStrike and Microsoft to recover damages caused by the outage, which total at least $500 million,” Delta said in the filing.
- Delta expects roughly $170 million tied to customer expense reimbursements and crew-related costs, though it did report saving $50 million in fuel expenses. “An operational disruption of this length and magnitude is unacceptable, and our customers and employees deserve better," CEO Ed Bastian said in the filing.
Dive Insight:
The scuffle between Delta, CrowdStrike and Microsoft has played out publicly for weeks, long after the July 19 flawed software update that triggered the outage was resolved.
On behalf of Delta, attorney David Boies responded Thursday to a CrowdStrike letter sent last week that blamed the airline for its slow recovery. Boies said it was the airline's vast reliance on the two providers which delayed Delta's recovery efforts.
"Approximately 60 percent of Delta’s mission-critical applications and their associated data — including Delta’s redundant backup systems — depend on the Microsoft Windows operating system and CrowdStrike," Boies said in the letter.
Other major carriers, including United Airlines and American Airlines were faster than Delta to bounce back from operational disruptions in July.
Though Bastian said the airline seeks to recoup $500 million in damages, CrowdStrike attorney Michael Carlinsky said a liability limitations clause in Delta's contract capped damages at a single-digit, million-dollar figure.
Delta, however, disagrees.
"Given CrowdStrike’s conduct, there is no 'liability cap' at 'single digit millions,'" said Boies. "The contract does not cap liability or damages for gross negligence or willful misconduct."
Analysts say the likely outcome of the legal posturing is a negotiated settlement.
"A lot of these cases, they ultimately settle," said Liz Herbert, VP analyst at Forrester.
"It's pretty clear that, if CrowdStrike had a legal contract, that this is exactly the scenario that that contract is applying to," said Herbert. "It's going to be somewhat difficult to see how Delta can make a point that that should now be changed, since that is something that was already agreed upon."
When reached for comment, CrowdStrike pushed back on Delta's characterization of the event. A CrowdStrike spokesperson said the provider had remained in close contact with Delta within hours of the incident and provided Delta with technical support "beyond what was available on the website."
Microsoft did not immediately respond to emailed requests for comment. Delta declined to provide additional comment beyond the two documents.
Editor’s note: This article has been updated to include a statement from CrowdStrike.