Share this article on:
CrowdStrike vows to “respond aggressively” to any litigation brought against it to protect its employees and shareholders.
A lawyer from the law firm representing cyber security firm CrowdStrike has fired back at Delta Air Lines after its lawyer – retained after a disastrous update to the CrowdStrike Falcon platform crashed PCs worldwide – threatened the company with “legal claims”.
Michael B. Carlinsky, co-managing partner of trial lawyers Quinn Emanuel, wrote a letter dated 4 August addressing claims by Delta’s lawyer David Boies, reiterating CrowdStrike’s apology to the airline and stating that the cyber security company was “empathetic to the circumstances they faced”.
“However, CrowdStrike is highly disappointed by Delta’s suggestion that CrowdStrike acted inappropriately and strongly rejects any allegation that it was grossly negligent or committed willful misconduct with respect to the Channel File 291 incident,” Carlinsky said.
Channel File 291 is the name of the update that caused the global disruption on 19 July.
Carlinsky went on to point out the work that CrowdStrike had done to support its customers, in particular Delta – but the airline apparently failed to take the company up on the offer.
“Within hours of the incident, CrowdStrike reached out to Delta to offer assistance and ensure Delta was aware of an available remediation. Additionally, CrowdStrike’s CEO personally reached out to Delta’s CEO to offer onsite assistance, but received no response,” Carlinsky said.
“CrowdStrike followed up with Delta on the offer for onsite support and was told that the onsite resources were not needed. To this day, CrowdStrike continues to work closely and professionally with the Delta information security team.”
Carlinsky then added the threat of litigation was a distraction from continuing remediation work, before saying that the threat of legal action “contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage”.
(Italics used in the original letter.)
“Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions – swiftly, transparently, and constructively – while Delta did not.”
Carlinsky pointed out that Delta would be required to explain several points regarding its recovery efforts, including why the airline refused onsite assistance, its actions or failure to act following the outage, and the “design and operational resiliency capabilities of Delta’s IT infrastructure, including decisions by Delta with respect to system upgrades, and all other contributory factors that relate in any way to the damage Delta allegedly suffered”.
Finally, Carlinsky demanded that Delta preserve all records pertaining to the airline’s response to the incident, its back-up plans, and any upgrade decisions made over the last five years.
“As I am sure you can appreciate,” Carlinsky said, “while litigation would be unfortunate, CrowdStrike will respond aggressively, if forced to do so, in order to protect its shareholders, employees, and other stakeholders.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.