During an interview on CNBC, Delta CEO Ed Bastian disclosed that the CrowdStrike outage cost the airline a staggering $500 million. This hefty price tag included compensation to customers, lost revenue, and the repercussions of more than 6,300 flight cancellations between Delta and its regional subsidiary Endeavour in the aftermath of the software update failure.
Bastian described the outage as a wake-up call for Delta, highlighting the need for reevaluation and improvement in their IT infrastructure security. Despite having made significant investments in redundancies, the airline was significantly impacted by the incident due to its heavy reliance on both CrowdStrike and Microsoft. The failure of CrowdStrike’s software update also affected Microsoft’s Windows operating systems, exacerbating the issue for Delta.
In the aftermath of the outage, Delta faced the daunting task of resetting 40,000 servers to restore normal operations. Bastian emphasized the need to reevaluate their approach to fortifying their systems, acknowledging that the perceived strength of their current defenses was insufficient in preventing such a catastrophic failure.
As a result of the significant financial losses incurred, Delta is contemplating legal action to seek damages from CrowdStrike for the outage. The Department of Transportation (DOT) has also launched an investigation into Delta’s handling of the situation, examining potential failures to meet customer service commitments during the operational collapse that followed the software failure.
The incident serves as a stark reminder of the critical importance of robust IT security measures in safeguarding against potential disruptions. Delta’s experience underscores the need for continuous vigilance and a proactive approach to mitigating risks associated with third-party IT dependencies.
The CrowdStrike outage served as a costly lesson for Delta, underscoring the vulnerabilities inherent in complex IT ecosystems. As the airline navigates the aftermath of this incident, it must prioritize strengthening its security infrastructure and implementing measures to prevent similar disruptions in the future.