Delta suing over software problems
And, more on the question of software, Delta is suing cybersecurity firm Crowdstrike over its outage last summer which, it claims, caused Delta to cancel over 7,000 flights, and cost the company $500,000,000.
The airline is asking for compensation and punitive damages from the outage, which started with a faulty update sent to several million Microsoft computers. Delta said the outage crippled its operations for several days, costing more than $500 million in lost revenue and extra expenses.
The outage hit several airlines and caused millions of customers canceled and rescheduled flights.
Oh, and Crowdstrike blames Delta’s “antiquated” systems for its problems.
A CrowdStrike spokesperson said the company tried to resolve the dispute — one of its lawyers said in August that CrowdStrike’s liability to Delta was less than $10 million.
The spokesperson said Delta’s claims are based on “misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”
Number one question a software company asks a potential client company: “What will you be running our software ON?” Equipment compatibility is key. I’d bet Delta said “we are running blah di blah on yada yada mainframes” and Crowdstrike replied “ah, no problemo…sign here.” High dollar sales don’t like to get caught short after failing to ask obvious stupid questions, and some software just won’t run on outdated hardware.
In its lawsuit, Delta claims that the outage occurred because CrowdStrike failed to test the update before rolling it out worldwide.
Delta canceled about 7,000 flights over a five-day period during the peak summer vacation season. The outage also affected banks, hospitals and other businesses.
“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit,” Delta said in the lawsuit, which was filed in Fulton County Superior Court in Georgia, near the company’s headquarters.
Given how many business were impacted, sounds like Crowdstrike may be on thinnish ice. Going to be interesting to see how an Atlanta judge rules on this, eh?
Later edit – if you’re experiencing a bit of shadenfreude about all the software issues not affecting you – think again. According to Tom’s Guide the data breach caused by hacker group ALPHV (aka “Black Cat”) on United Healthcare has hit 100,000,000 people. Call it a bit under a third of the US population.
According to public notices the company pushed out in June, the stolen data includes: billing, claims, and payment information; medical information such as diagnoses, test results, and medical record numbers; health insurance information such as member/group ID numbers; and personal information such as Social Security numbers and driver’s licenses or state ID numbers.
I feel better…
Category: "The Floggings Will Continue Until Morale Improves", Crime, Economy
Unless Delta is running systems on Win98, most updates should be backwards compatible.
Methinks Crowdstrike is skating on thin ice here.
As Directed of Media Relations for the proud but humble woman owned business that sold the software, allow Hack to explain “the rest of the story”. Sure, we purchased the software from who we believe is an authorized third party vendor selling his wares from the trunk of his car in the parking lot of the Dulles Convention Center, because who has the $20 entry fee to gain entrance, but the guy pinky swore that this was the real deal. How is that our fault?
I guess that everyone that had problems with this software were running obsolete hardware? Somehow I find that hard to believe.
How many folks couldn’t upgrade their PCs from Windows 7 to 10 or 10 to 11 due to hardware compatibility issues.
Several years ago pre -pandemic a local base pushed a software update to 10,000 or so computers on the Base network. Before doing so they even tested it on a couple standard desktops widely used on the Base.
The “standard” desktops CPUs and such were representative of the hardware used for the pre-deployment test with one exception. Approximately 40% had different keyboards and these keyboards and their self-contained CAC readers didn’t work with the update. Without a working CAC reader they couldn’t access the network to include e-mail.