CrowdStrike Dodges Airline Customer Class Action Over 2024 Outage

In the wake of a global IT outage in July 2024 that disrupted thousands of flights worldwide, airline passengers from several states, including California, Ohio, Pennsylvania, Iowa, and Nevada, brought a proposed class action against cybersecurity firm CrowdStrike Inc. and its affiliate, CrowdStrike Holdings Inc. Filed in August 2024, the complaint alleged that a defective software update issued by CrowdStrike caused critical systems on Microsoft Windows to crash, grounding flights and inconveniencing travelers across the globe.

According to the plaintiffs, the software contained "bugs, errors, and defects" that rendered airline computers inoperable. They asserted that these technological failures translated into canceled and delayed flights, hotel costs, and lost time. The plaintiffs sought recovery under various state law theories, including negligence and public nuisance, for the economic and personal losses they endured.

The Legal Barrier

CrowdStrike filed a motion to dismiss the action, arguing that the plaintiffs’ claims were preempted by the federal Airline Deregulation Act (ADA), which governs airline rates, routes, and services and includes a preemption clause that overrides conflicting state laws. U.S. District Judge Robert Pitman of the Western District of Texas agreed with CrowdStrike’s position and dismissed the lawsuit in a decision issued on June 19, 2025.

In the order, Judge Pitman emphasized that although the suit was directed at a cybersecurity company rather than an airline, the plaintiffs' claims still pertained to airline services. He stated, “That the Plaintiffs here bring their suit against CrowdStrike, rather than against the airlines themselves, does not prevent ADA preemption.”

The judge cited the Fifth Circuit’s 2002 ruling in Lyn-Lea Travel Corp. v. American Airlines, Inc., which established that ADA preemption is not confined to direct actions against airlines but extends to any claim that touches on airline services. In essence, if a claim would be preempted when made against an airline, it is similarly preempted when brought against a third-party vendor whose actions affect airline operations.

The Court's Reasoning

Judge Pitman reinforced the ADA's intent to prevent a fragmented patchwork of state regulations from interfering with a uniform federal standard for airline operations. Drawing from U.S. Supreme Court precedent in Morales v. Trans World Airlines, Inc., the court found that the plaintiffs’ claims had a direct connection to airline services—namely, flight scheduling, booking, and customer service accommodations during delays.

He also referenced a more recent 2010 Fifth Circuit case, Onoh v. Northwest Airlines, Inc., which interpreted the ADA’s preemptive scope as including any state law "having a connection with or reference to" airline services unless the connection is "too tenuous, remote, or peripheral." Given that the plaintiffs' alleged harms were tied directly to the operation of their flights, the court deemed the connection substantial enough to warrant preemption.

Furthermore, Judge Pitman noted a May 2025 ruling from a Georgia federal court that dismissed similar claims brought by customers against Delta Airlines due to the same outage, reinforcing the broader judicial trend toward strict application of the ADA preemption doctrine.

The Broader Implications

Judge Pitman concluded that allowing state tort claims against cybersecurity vendors for disruptions to airline services would have a ripple effect on the aviation industry. He warned of “significant effects from the enforcement of state tort law in this manner on CrowdStrike, akin to federal regulation,” adding that vendors would be incentivized to modify their service offerings and raise prices to offset increased liability risks. “This would, in turn, have a significant effect on airline services and could also have an economic effect on airlines,” the order stated.

This case signals that passengers seeking redress for flight disruptions tied to third-party service failures may face substantial legal hurdles under federal preemption law. It reaffirms the judiciary’s firm stance on the ADA’s expansive scope and its protective buffer for the airline industry against inconsistent state regulation.

The Law Firms Involved

The plaintiffs were represented by Cory S. Fein of Cory Fein Law Firm, Robert K. Shelquist of Cuneo Gilbert & LaDuca LLP, and Ben Barnow of Barnow and Associates PC. CrowdStrike was defended by Isabelle Ord, John M. Guaragna, Andrew Serwin, Virginia Weeks, Kylie Green, Scott Murray, and Jeffrey DeGroot of DLA Piper LLP.