iStock.com/viper-zero
August 6, 2024
Should Delta Recoup Losses From CrowdStrike and Microsoft After the Recent Tech Outage?
Delta Air Lines took a nosedive last month in the eyes of thousands of customers who were left stranded at airports due to a tech outage caused by a faulty software upgrade.
The upgrade, by the cybersecurity firm CrowdStrike, downed 8.5 million Microsoft devices, including the systems that airlines and other clients use, though Delta was by far hit hardest.
The five-day service outage cost Delta $500 million in lost revenue from canceled flights, customer hotel payments, and other customer compensation, Delta’s CEO Ed Bastian told CNBC.
“If you’re going to be having access, priority access to the Delta ecosystem in terms of technology, you’ve gotta test the stuff,” he said. “You can’t come into a mission-critical 24/7 operation and tell us we have a bug. It doesn’t work.”
The severity of Delta’s cancellations — it canceled over 5,000 flights between July 19 and 25 — and the chorus of customer complaints led the U.S. Department of Transportation to open an investigation into Delta’s handling of the situation, Transportation Secretary Pete Buttigieg wrote on X.
Now, as of last Monday, the air carrier is taking legal aim at both Microsoft and CrowdStrike. It hired top attorney David Boies of Boies Schiller Flexner to sue both companies for damages, CNBC reported.
“They haven’t offered us anything. Free consulting advice to help us,” Bastian told the network in an interview last Wednesday on CNBC, referring to what Microsoft and CrowdStrike have offered as compensation to Delta.
In regards to the suit, Bastian continued in the interview, per CNN, “We have no choice. We have to protect our shareholders, we have to protect our customers (and) our employees for the damage, not just the cost but the reputational damage.”
But CrowdStrike’s lawyer countered that Delta didn’t take up the cybersecurity firm’s offer for on-site help during the outage.
On Sunday, the lawyer, Michael Carlinsky, wrote to Delta’s legal team that the airline’s threats of a suit “contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage,” CNBC reported.
He added that George Kurtz, CrowdStrike’s CEO, contacted Bastian directly to “offer onsite assistance, but received no response.”
One analyst, Joseph Gallo, a senior vice president at Jefferies, isn’t convinced a lawsuit against CrowdStrike will go anywhere.
“We don’t believe [CrowdStrike] will be held liable” in a suit by Delta, Gallo said in a message to investors, according to CRN. But other companies affected by the outage may look to save face with customers and follow Delta’s direction.
Gallo said he doesn’t think CrowdStrike will have to “reimburse customers for the outage,” but that “the litigation cost & distraction (CEO appearing before Congress) will certainly weigh.”
A CNN analysis predicted that most of the customers affected by the outage with Delta will return to the airline — in part because the airline is a major player at important hubs around the country, and people are tied to frequent flyer programs and branded credit cards.
Discussion Questions
In light of the tech outage and its consequences, how can Delta Air Lines rebuild customer trust and loyalty?
How should recent events influence the airline’s strategy in handling future tech disruptions?
How can companies like Delta better prepare for and mitigate the effects of technology failures, particularly when relying on third-party vendors for critical systems? What best practices could be implemented to minimize the risk of similar outages in the future?
Poll
Loading …BrainTrust
Patricia Vekich Waldron
Contributing Editor, RetailWire; Founder and CEO, Vision First
Neil Saunders
Managing Director, GlobalData
Perry Kramer
Managing Partner, Retail Consulting Partners
Recent Discussions
More Discussions
Would Recording In-Store Associates Help as a Training Tool?
Ethosphere is banking on AI-driven recordings of in-store associate practices as the next big thing in…Some Retailers Are Trimming Holiday Sales Discounts: Is This a Dangerous Play?
Some retailers are pulling back from deep discounts this holiday season. Is this a dangerous play?Has Kroger Discovered the Limits of Automated Warehouses?
Kroger is winding down its relationship with Ocado, citing cost overruns and a reorganization of its…
There needs to be a determination as to how much of Delta’s issues were caused by CrowdStrike and how much were caused by Delta’s response. Most airlines were not nearly as badly impacted as Delta, so it is reasonable to ask what Delta did differently that caused it outsized problems. This determination will be the subject of much legal and technical wrangling. The main winners will be the lawyers!
There seems to be culpability with both parties, so there will be lots of dirty laundry aired during the discovery process to determine the level of responsibility for each.
What seems to be absent here – or did I just miss it? – is any mention of why, out of all the airlines – and thousands of other businesses – Delta stands out. Were they particularly affected (?) and if so why; the possible answers range from “no , they’re just one of the crowd” to “yes, (but) for random reasons” to “yes, because of lack of robustness in their own systems”. Suffice it to say, these are radically different scenarios. My advice: don’t say anything … until you’ve talked to a lawyer.
If i were Delta I would try my best to get compensated: but it is a long shot. One has to ask the obvious question; why did it take Delta significantly longer to recover than its competition? Did they not have good DR plans? Were they too arrogant to accept help from CrowdStrike and MS as some articles claim? Delta will probably loose customers in the long run but probably not a material number. Delta should be concerned about investors and the investments they will need to harden their systems and improve their disaster recovery plans and processes.
The finger-pointing between CrowdStrike and Delta makes for juicy headlines, but where is the compensation for the 500,000 passengers who were delayed or cancelled and ended up sleeping on dirty floors in airport corridors due to this crisis?
I smell a long, slow class-action in the making. One that will eventually award affected travelers with discount travel coupons that many will find too difficult or inconvenient to redeem.
In light of the recent five-day technical outage, should Delta seek compensation from CrowdStrike and Microsoft? The current situation appears to be a case of “he said, she said” between Delta, CrowdStrike, and Microsoft.
Five thousand flights were cancelled, nearly a half million (possibly more) passengers were directly impacted, and nobody feels accountable.
I have more questions than answers:
1. Does an existing contract or agreement specify responsibility and liability in case of an outage?
2. The Secretary of Transportation Pete Buttigieg informs travelers that they have rights, and that Delta will be investigated. Thank you, Pete, but what are these rights, what are you investigating, and what answers are you seeking? Do you plan to investigate CrowdStrike and Microsoft as well, or will you be investigating only Delta?
3. What was the reason for Delta’s refusal to accept CrowdStrike’s offer of on-site assistance? Considering that it was a software malfunction, what could CrowdStrike have done onsite to make a difference.
4. Have all parties now understood what exactly caused the software glitch, and what steps are being taken to prevent a recurrence? Who will be responsible if it happens again?
5. How many consumers may be suing Delta, Microsoft, or CrowdStrike?
As a result of the entire situation, there appears to be chaos, disarray, a disconnect between parties, a breakdown in communication, and a growing lack of confidence that Delta’s passengers will have in the airline, CrowdStrike, and Buttigieg.
My guess is that an arbitrator will be appointed if there is no specific language in the contract. – Db
Great points, David.
Having been in the digital consulting space for a long time, I’ve seen my share of bugs that have negatively impacted systems, and I’ve led teams to resolve these thorny issues. Even a ‘simple’ upgrade like the one at CrowdStrike can be extremely problematic, as we’ve witnessed with Delta and other companies. But Delta’s woes do beg the question why it adversely impacted them 5x vs others? And if Mr. Bastian, Delta’s CEO, didn’t take Mr. Kurtz’s offer for on-site assistance, it really begs an even simpler question? Why not? Good technology partners always offer expert resources to solve issues, or they won’t be in business long. Great companies like Delta always have a solid ecosystem of partners behind them. If I were Mr. Bastian, a public facing lawsuit is not a bad strategy, but I’d dig really hard internally to understand why my airline systems were affected more so than any other company.
I am anxious to see this litigated. If Crowdstrke or Microsoft were a company supplying materials for a company’s products, there would be very little question of who was responsible for unacceptable materials. But this is a technology that is difficult to touch and feel and more difficult to conceive how it works in the system.
What will be the message to companies supplying tech?
The only upside for Delta is to shift blame to tech providers for the spectacle of passengers being stuck in the Airport for 3+ days. Maybe a PR win there. Maybe.
Digging deeper, let’s say Delta wins in litigation. Yay for Delta, except then you will see the larger tech companies price in the risk factor of being found liable against whatever SLA they sign up for, and other companies will bear that cost over time. And that will trickle down (as it always does) to consumers.
Keep the lawyers out of it, unless of course we want to elevate awareness of Shakespeare’s line in Henry VI part 2: “the first thing we do, let’s kill all the lawyers”.
And no one wants that. Right?