Delta Air Lines and cybersecurity company CrowdStrike are in a major public spat over last month’s outage that caused the airline to cancel 5,000 flights. Delta has threatened to sue, and the two sides are already maneuvering their litigation communications. The latest is a leaked letter CrowdStrike wrote in response to that threat.

A glitch in an update to CrowdStrike’s Falcon Sensor vulnerability scanner that the company released July 19 caused 8.5 million Microsoft Windows devices to crash. Delta was hit particularly hard. The airline says the debacle cost it as much as $500 million in lost revenue and in expenses to fix the problem.

On July 29, CNBC reported that Delta had hired famed litigator David Boies, chairman of New York’s Boies Schiller Flexner LLP, to seek damages from CrowdStrike, based in Austin, Texas. Boies wrote to CrowdStrike that day and threatened legal action.

‘Fragile Platform’

Two days later, while at the Paris Olympics, Delta CEO Ed Bastian went on CNBC and said some biting things about CrowdStrike and Microsoft, which he called “probably the most fragile platform” (“When was the last time you heard of a big outage at Apple?” he asked).

With regard to suing CrowdStrike, Bastian said, “We have no choice,” mentioning the millions of dollars the disruption cost the company. “They haven’t offered anything,” he said. “Free consulting advice to help us — that’s the extent of it.” He said Delta, based in Atlanta, had to reset 40,000 servers by hand.

This week, media outlets including The Wall Street Journal, Financial Times and The New York Times reported on a leaked letter a CrowdStrike lawyer sent Boies on August 4. The correspondence is over the signature of Michael Carlinsky of Quinn Emanuel Urquhart & Sullivan LLP, the Los Angeles-based firm fresh off its victory of getting the film-set-shooting case against actor Alec Baldwin dropped.

Rejects Blame

In the letter, CrowdStrike again apologizes for the outage but rejects blame for Delta’s woes. Carlinsky mentions that the cybersecurity company’s offers of help were rebuffed.

“Should Delta pursue this path [of litigation], Delta will have to explain to the public, its shareholders and ultimately a jury why CrowdStrike took responsibility for its actions — swiftly, transparently and constructively — while Delta did not,” Carlinsky wrote. In fact, other airlines rebounded much more quickly.

The airline’s litigation threat “has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage,” Carlinsky wrote, adding that his client would respond “aggressively” to any lawsuit. He also said that “any liability by CrowdStrike is contractually capped at an amount in the single-digit millions.”

Rebuffed Assistance

In addition, Microsoft got into the feud Tuesday with an outside lawyer writing to Delta, contending that the airline also rebuffed its offers of help and that Delta hasn’t “modernized its IT infrastructure.”

Unless the airline and CrowdStrike reach a compromise, this dispute is likely to get only uglier. It’s good that they’re laying the groundwork for future comms. Delta’s argument is simply that CrowdStrike goofed and needs to make amends. CrowdStrike has the tougher row, but it seems it wants to argue, “Hey, these things happen in the technology world. And, by the way, our liability is limited.”

Photo Credit: Delta

Sign up for our free weekly newsletter on crisis communications. Each week we highlight a crisis story in the news or a survey or study with an eye toward the type of best practices and strategies you can put to work each day. Click here to subscribe.