25 September 2024

CrowdStrike boss apologises over global IT outage

Cybersecurity firm CrowdStrike has again apologised for the global IT outage sparked by a flawed update, as a company executive faced questions from legislators in the US.

Adam Meyers, a senior vice president at the firm, told the House of Representatives cybersecurity subcommittee that the company was “deeply sorry” and “determined to prevent this from ever happening again”.

The July incident, sparked by a flawed software update rolled out by the US firm, crippled around eight and a half million computers running Microsoft software, which brought businesses and infrastructure to a standstill.

Giving evidence to US legislators, Mr Meyers said: “We appreciate the incredible round-the-clock efforts that our customers and partners who, working alongside our teams, mobilised immediately to restore systems.

“We were able to bring many customers back online within hours. I can assure that we continue to approach this with a great sense of urgency.”

The committee members pressed Mr Meyers on how the incident occurred in the first place, with legislators likening its impact to that of a well-planned, sophisticated cyber attack, although it had instead happened because of a “mistake” inside CrowdStrike’s software.

In its analysis of the outage published in the aftermath of the incident, CrowdStrike said an “undetected error” in a software update sparked the problem, with a bug in the firm’s content validation system meaning “problematic content data” was not spotted and then allowed to roll out to Microsoft Windows customers, causing the crash.

Mr Meyers said the cybersecurity firm would continue to share “lessons learned” from the incident to ensure it did not happen again.

Some watchers noted that the committee hearing did not see CrowdStrike face such an intense grilling as other tech executives have been subjected to in recent years, with those at the hearing instead placing an emphasis on firms working with committees and government to prevent future incidents of a similar nature.

However, CrowdStrike still faces a number of lawsuits from people and businesses impacted by the outage – it has been sued by its own shareholders as well as by US aviation giant Delta Airlines after it cancelled thousands of flights because of the system shutdown.

In the UK, the CrowdStrike outage left GPs unable to access the digital system to manage appointments or view patient records, as well as send prescriptions to pharmacies – which were also widely impacted – forcing doctors to return to using pen and paper.

Meanwhile flights were cancelled or delayed and passengers left stranded as airline systems were knocked offline or staff were forced to handwrite boarding passes and luggage tags.

Many small businesses also reported a substantial impact on their income, with some saying their websites being knocked offline by the incident cost them hundreds or even thousands of pounds in sales.
