CrowdStrike outage: Company apologises for global impact on flights, banks and Microsoft

A cyber security company blamed for a massive global IT failure apologised for a "defect" on Friday that grounded planes, knocked out TV broadcasts and affected banks, hospitals and financial markets. CrowdStrike 's faulty software update is believed to have sparked the chaos that led to Microsoft computers crashing, card machines breaking, Sky News going off air and traders waiting in vain for stock exchange news. The US company's president and chief executive George Kurtz said a "fix has been deployed", requiring each user to reboot individually amid outages in the Middle East, Asia, the US, Europe and Australia. "I want to sincerely apologise directly to all of you for today’s outage," Mr Kurtz said in a letter to company customers and partners. "All of CrowdStrike understands the gravity and impact of the situation." The chief executive said that employees were on hand to respond to the outage and evaluate how it occurred. Mr Kurtz said in posts on X that the failure was not a security incident or cyber attack, and vowed to be transparent about "the steps we're taking to prevent anything like this from happening again". Flights were delayed around the globe, with airlines such as Turkish Airlines, Air France, KLM, Delta and Ryanair and hubs in Berlin, London and Amsterdam among those affected at the peak of summer travel season. Dubai International Airport said it was operating normally after some airlines faced check-in problems. The UAE Ministry of Foreign Affairs said its electronic systems were affected and told customers not to make transactions. The UAE's Telecommunications And Digital Government Regulatory Authority said there was a “technical defect” with CrowdStrike. “We advise users of the program to be patient and not perform any updates or downloads of CrowdStrike software until the problem is resolved,” it said. UAE citizens and residents were advised to contact airlines before travelling. Meanwhile, the UAE Cyber Security Council recommended updating Google Chrome browsers to the latest version. Toby Murray, a cyber security expert in Australia, told The National that the cause appeared to be “a faulty update that was deployed to the CrowdStrike Falcon software, which is ubiquitous in large cyber-security-conscious organisations”. He said Falcon, which monitors computers for threats, is “a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave”. Mr Kurtz in his letter to customers said that "this issue does not affect our Falcon platform systems". "There is no impact to any protection if the Falcon sensor is installed. Falcon Complete and Falcon OverWatch services are not disrupted." CrowdStrike “is a market leader for good reason, because of the effectiveness of their technology” but developers “need to implement careful practices for making sure the updates they are deploying won’t cause harm”, Mr Murray said. Dan Coatsworth, an investment analyst at AJ Bell, said the severity of the problem “boils down to how long it lasts”. “A few hours’ disruption is unhelpful but not a catastrophe. Prolonged disruption is another matter, potentially causing damage to companies and economies,” he said. “So far, investors have not shown any panic. Whether that remains the case as the day goes on is another matter.” Troy Hunt, the creator of the security check website Have I Been Pwned, said the issue was not with Microsoft itself but with the CrowdStrike software. The outage is “basically what we were all worried about with Y2K”, the so-called millennium bug, he said, “except it's actually happened this time”. Microsoft said it was “aware of an issue affecting Windows devices due to an update from a third-party software platform". "We are aware of this issue and are working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online," Microsoft chief executive Satya Nadella said in a statement on X. The CrowdStrike president said the faulty update was confined to Windows software and did not affect Mac or Linux users. Shares in both companies were down but traders generally remained calm. As users encountered a “blue screen of death” worldwide: · Users reported service problems with Visa and Amazon on the website DownDetector, while payment problems hit supermarkets and currency exchanges were affected in Hong Kong · Germany said “critical infrastructure” was affected, as two hospitals cancelled elective operations scheduled for Friday. Some UK doctors could not make appointments, and emergency call centres were down in Alaska · Manchester United said it was postponing the release of football tickets, as several other clubs reported problems. The Paris 2024 Olympic organisers said their IT systems were hit · Rail problems added to the travel chaos, with Britain’s biggest train company warning passengers to expect disruption due to “widespread IT issues”. It was not immediately clear whether all reported disruptions were linked to CrowdStrike problems or there were other issues at play, amid interruptions to Microsoft’s Azure and Office 365 services. Azure, Microsoft's cloud platform, said machines running Windows and CrowdStrike were getting stuck in a “restarting state”. It said it was investigating. Russian banks and currency traders said they were having few problems, after Moscow was partly cut off from global markets under sanctions. In the UK, Sky News was knocked off air before returning with limitations. Britain’s biggest train company warned passengers to expect disruption due to “widespread IT issues”. The London Stock Exchange said that its Regulatory News Service was affected due to a “third-party global technical issue”. Richard Hunter, head of markets at Interactive Investor told The National that prices and indices on the London Stock Exchange “are now updating”, but not news stories. In the US, the Federal Aviation Administration said the airlines United, American, Delta and Allegiant had all been grounded. A representative for Dubai Airports said Dubai International was “operating normally” after the system failure affected check-in for some airlines. They said the companies affected had switched to an alternate system. Budget airline Ryanair was affected, as were some of Europe's biggest airports in Berlin and Amsterdam. Widespread problems were reported at Australian airports, where queues grew as online check-in services and self-service booths were disabled. Five Indian airlines announced disruptions to their booking systems on Friday. National carrier Air India said its systems had been “impacted temporarily due to the current Microsoft outage”, causing delays. Budget operator SpiceJet said it had reverted to manual check-ins and boarding after “technical challenges”. John Strickland, an aviation expert at JLS Consulting, said it was a “major challenge to return to normality” when airlines had curtailed “all or sizeable parts of their operations”. “For the Northern European and North Atlantic markets, this is peak season and costs will run to millions of dollars,” he said. All airports in Spain were experiencing “disruptions” from the IT failure, the airport operator Aena said. Hong Kong's airport also said some airlines had been affected, linking the disruption to a Microsoft service interruption.

CrowdStrike outage: Company apologises for global impact on flights, banks and Microsoft

Cyber security provider for Microsoft admits responsibility for 'defect' blamed for bringing IT systems to standstill worldwide