Airline Travelers File Lawsuit Against CrowdStrike After Outage Disrupts Thousands of Flights

Cybersecurity firm CrowdStrike faces a class action lawsuit brought by airline travelers, after a software update caused widespread computer outages last month, canceling and delaying flights throughout the United States.

Late on the evening of July 18, CrowdStrike released a software update to its popular Falcon security platform, which contained a “logic error”, causing more than 8.5 million computers using the Windows operating system to fail the next day, impacting airlines, airports, hotels, hospitals and other businesses nationwide.

The CrowdStrike computer outage had a massive impact on U.S. air travel on Friday, July 19, resulting in the cancellation of more than 3,000 flights and delay of at least 11,000 others, which left more than 500,000 airline passengers stranded at U.S. airports for hours, if not days.

As a result of the preventable software outage, Julio del Rio, Jack Murphy and Steven Bixby filed a class action lawsuit against CrowdStrike (PDF) in the U.S. District Court Western District of Texas Austin Division on August 5, seeking damages for themselves and other airline travelers, who were forced to spend thousands of dollars on meals, lodging and other travel arrangements.

Computers Went Offline Due To CrowdStrike Negligence

The lawsuit alleges it was CrowdStrike’s negligence that caused computers running the company’s Falcon security platform to go off-line, directly resulting in the travel disruptions experienced by U.S. airline fliers.

Windows operating systems with the CrowdStrike Falcon software are used by nearly all airline companies, as well as a wide variety of other industries. Murphy, del Rio and Bixby maintain that if the company had properly tested and deployed the update, it would have gone unnoticed by CrowdStrike’s customers and air travelers.

“At all relevant times, CrowdStrike knew, or should have known, that failing to develop, implement, and maintain reasonable software development, testing, and validation processes, procedures, or controls would inevitably result in it publishing and disseminating a software update containing serious flaws, errors, invalid data, or bugs,” the airline travelers allege in the complaint.

CrowdStrike Outage Disrupted Air Travel

Del Rio indicates that he and his wife were traveling home from Hawaii to California when the CrowdStrike outage occurred, causing their flight to be delayed multiple times before it was ultimately canceled.

As a result of the chaos caused by the CrowdStrike flight cancellations, del Rio was unable to book another flight on the same airline, and indicates that he had to pay approximately $1,200 out-of-pocket to get home. He also has not been refunded the original $800 purchase price for his canceled flight.

Jack Murphy claims that he had plans to fly home from Columbia, South Carolina to Cleveland, Ohio. However, he was delayed for approximately nine hours at the Atlanta airport due to the CrowdStrike outage, and did not arrive back in Cleveland until 2:30 AM, at which time he was unable to find an Uber to drive him home. Murphy didn’t arrive home until 3:30 AM on the morning of July 20, with his sleep schedule severely disrupted.

Steven Bixby says that while traveling from Harrisburg, Pennsylvania to Chicago, his flight was delayed for three hours due to the CrowdStrike travel disruptions. In Chicago, Bixby’s connecting flight to Dallas-Fort Worth was delayed an additional four hours, leading to his scheduled eight hour flight taking approximately 17.5 hours to complete.

“CrowdStrike’s failure to properly develop, test, and deploy the Falcon update caused the CrowdStrike Outage and delayed or canceled [airline travelers’] flights,” del Rio, Murphy and Bixby state in the complaint. “These delays and cancellations in turn forced [airline fliers] to incur additional expenses and damages. This action seeks to remedy these consequences of CrowdStrike’s negligence. Plaintiffs bring this action on behalf of themselves and all persons who had a flight delayed or canceled as a result of the CrowdStrike Outage.”

Airline Damages Also Significant From CrowdStrike Outage

Reports suggest that Delta, American, United and a number of other Fortune 500 companies suffered more than $5 billion in direct losses as a result of the CrowdStrike outage.

Due to the travel disruptions, Delta has also threatened to file its own lawsuit against CrowdStrike, seeking to recover $500 million it claims was lost due to CrowdStrike’s computer failure.

Delta’s computer systems were down for six days following the CrowdStrike outage, affecting more than 500,000 travelers.

In response to the potential Delta lawsuit, CrowdStrike released a statement through an outside lawyer, indicating that the company “strongly rejects any allegation that it was grossly negligent or committed misconduct.”

The U.S. Department of Transportation is investigating why Delta took significantly longer than other companies affected by the CrowdStrike outage to bring its computers back online.