Passengers Seek Full Appeals Court Review in CrowdStrike Case
Data Breach TodayArchived Jun 06, 2026✓ Full text saved
Appeal Faces Steep Statistical Odds Given Previous Court Rulings Passengers affected by the July 2024 CrowdStrike outage are making a longshot bid to get their case reheard en banc, arguing that claims tied to the vendor's allegedly defective software update involve traditional negligence issues under state law rather than airline services.
Full text archived locally
✦ AI Summary· Claude Sonnet
Business Continuity Management / Disaster Recovery , Governance & Risk Management , Litigation
Passengers Seek Full Appeals Court Review in CrowdStrike Case
Appeal Faces Steep Statistical Odds Given Previous Court Rulings
Michael Novinson (MichaelNovinson) • June 5, 2026
Share Post Share
Credit Eligible
Get Permission
Airline passengers lobbed a Hail Mary in their lawsuit against CrowdStrike, asking an entire Appeals Court to hear their case regarding the security vendor's alleged negligence.
See Also: OnDemand: Introduction to Sustainability Data Management
The passengers contend in an 18-page petition filed Wednesday that their claims concern CrowdStrike's conduct as a software developer rather than the economic relationship between airlines and passengers covered by the Airline Deregulation Act. A U.S. District judge found the claims against CrowdStrike were preempted by the Airline Deregulation Act, and a three-judge Appeals Court panel backed this decision (see: Judge Axes Flight Disruption Suit Tied to CrowdStrike Outage).
"The claims at issue … arose from CrowdStrike's development and publication of a defective software update, conduct which is wholly outside of the economic relationship between passengers and airlines," the passengers argue. "In finding plaintiffs' claims preempted because they relate to airline services, the panel impermissibly expands the definition of airline services beyond the bounds this court established."
Petitions for rehearing en banc are highly unlikely to succeed, with the Fifth Circuit Court of Appeals granting just seven - or 3.3% - such petitions between July 2024 and June 2025 while denying 199 others and disposing of four petitions by other means, according to judicial workload statistics. The case was filed in the Western District of Texas, and the Fifth Circuit covers Louisiana, Mississippi and Texas.
"We are pleased with the appellate court's ruling affirming the dismissal of all the plaintiff's claims and are confident it will be upheld," a CrowdStrike spokesperson told ISMG in an email. This proposed class action lawsuit is one of many legal claims CrowdStrike faces after a faulty July 2024 software update to the company's Falcon platform disrupted 8.5 million systems.
Why Passengers Say CrowdStrike's Work Isn't an Airline Service
The plaintiffs argued the Fifth Circuit drew a clear distinction between airline services that are part of the contractual relationship between airlines and passengers and other activities that fall outside that relationship. They said CrowdStrike's development, testing and deployment of cybersecurity software should not be considered an airline service simply because airlines happened to use the software.
"The panel's affirmance of the dismissal of plaintiffs' claims under the ADA [Airline Deregulation Act] conflicts with the court's prior en banc decision in Hodges and, absent en banc review, threatens to disturb the paradigm of ADA preemption in this circuit," the passengers wrote in their petition.
Passengers argue the lawsuit focuses on CrowdStrike's conduct as a software company, and their alleged failures are traditional negligence issues governed by state tort law and have nothing to do with airline pricing, routes or services. They claim the panel's ruling effectively transformed a software defect case into an airline regulation case solely because some affected customers were airlines.
"These claims seek redress for the consequences of CrowdStrike's negligent failure to properly develop, test and deploy software updates, not 'to hold [an airline] liable at the point at which it provides a ‘service’ to its customers,'" the passengers wrote.
Although check-in platforms, communications systems and aircraft weight-calculation tools became unavailable because computers running CrowdStrike were trapped in reboot loops, passengers argue the disruptions were consequences of CrowdStrike's software failures. The existence of airline-related damages should not convert claims against a software vendor into claims relating to airline services.
"While plaintiffs allege they suffered injuries as a result of the CrowdStrike Outage's effect on certain airlines, they do not allege wrongful conduct on the part of any airline caused their injuries, nor do they allege that CrowdStrike provided an airline service," the passengers wrote. "Neither plaintiffs' claims nor the underlying state law relates to airline services or economic aspects of the airline industry."
Why Passengers Want to Sue CrowdStrike for Alleged Injuries
Passengers claim they incurred additional lodging costs, meal expenses, transportation costs and losses associated with missed events, reservations and purchases. State tort law has historically provided remedies for such harms, and allowing Airline Deregulation Act preemption here would significantly restrict the ability of consumers to recover losses caused by third-party technology providers, they said.
"Plaintiffs seek compensation for physical injuries sustained as a result of CrowdStrike's negligence, not airlines' economic decisions about (or methods of providing) airline services," the passengers wrote.
The Airline Deregulation Act doesn't preempt all personal injury lawsuits, but passengers said the panel's ruling effectively ignores this principle and creates uncertainty about when personal injury claims may proceed. Because this issue affects future litigation involving airlines and airline-related disruptions, the petition argues that clarification from the full court is necessary.
"Hodges and its progeny established an exception to ADA preemption for state-law tort claims for personal injuries," the passengers wrote.
One passenger allegedly developed neck and back pain after sleeping on an airport floor because of travel disruptions, while another reportedly suffered migraines caused by sleep deprivation, while a third allegedly experienced anxiety, headaches and chest pains stemming from the stress of the outage. Passengers argue these are the types of personal injury claims traditionally permitted under state law.
"The panel's decision extending ADA preemption to these routine state-law personal injury claims is irreconcilable with Hodges's recognition that Congress preserved traditional state-law remedies for personal injuries," the passengers wrote.