CrowdStrike boss apologises over global IT outage

25 September 2024, 10:44

The home page of Cybersecurity firm CrowdStrike (PA)
IT outages. Picture: PA

A senior executive from the cybersecurity firm appeared before a committee at the US Congress to answer questions about the July incident.

Cybersecurity firm CrowdStrike has again apologised for the global IT outage sparked by a flawed update, as a company executive faced questions from legislators in the US.

Adam Meyers, a senior vice president at the firm, told the House of Representatives cybersecurity subcommittee that the company was “deeply sorry” and “determined to prevent this from ever happening again”.

The July incident, sparked by a flawed software update rolled out by the US firm, crippled around eight and a half million computers running Microsoft software, which brought businesses and infrastructure to a standstill.

Earns CrowdStrike
A CrowdStrike office in California (Haven Daley/AP)

Giving evidence to US legislators, Mr Meyers said: “We appreciate the incredible round-the-clock efforts that our customers and partners who, working alongside our teams, mobilised immediately to restore systems.

“We were able to bring many customers back online within hours. I can assure that we continue to approach this with a great sense of urgency.”

The committee members pressed Mr Meyers on how the incident occurred in the first place, with legislators likening its impact to that of a well-planned, sophisticated cyber attack, but instead had happened because of a “mistake” inside CrowdStrike’s software.

In its analysis of the outage published in the aftermath of the incident, CrowdStrike said an “undetected error” in a software update sparked the problem, with a bug in the firm’s content validation system meaning “problematic content data” was not spotted and then allowed to roll out to Microsoft Windows customers, causing the crash.

Mr Meyers said the cybersecurity firm would continue to share “lessons learned” from the incident to ensure it did not happen again.

Some watchers noted that the committee hearing did not see CrowdStrike face such an intense grilling as other tech executives have been subjected to in recent years, with those at the hearing instead placing an emphasis firms working with committees and government to prevent future incidents of a similar nature.

However, CrowdStrike still faces a number of lawsuits from people and businesses impacted by the outage – it has been sued by its own shareholders as well as by US aviation giant Delta Airlines after it cancelled thousands of flights because of the system shutdown.

In the UK, the CrowdStrike outage left GPs unable to access the digital system to manage appointments or view patient records, as well as send prescriptions to pharmacies – which were also widely impacted – forcing doctors to return to using pen and paper.

Meanwhile flights were cancelled or delayed and passengers left stranded as airline systems were knocked offline or staff were forced to handwrite boarding passes and luggage tags.

Many small businesses also reported a substantial impact on their income, with some saying their websites being knocked offline by the incident cost them hundreds or even thousands of pounds in sales.

By Press Association

More Technology News

See more More Technology News

Google screen

Google brings more AI to search engine in ‘significant’ update

UK Information Commissioner John Edwards

Accountability comes in many forms – Information Commissioner

The ChatGPT website

OpenAI raises £5 billion in largest ever funding round

A woman using a laptop as she holds a bank card

Meta partners with UK banks to combat fraud

The word Google in white on dark glass at the company's offices

Google breached TV company trademark through YouTube Shorts service, court told

The Vodafone logo on a smartphone

Vodafone and Three UK promise £10-a-month price cap for some mobile deals

An Asda store

Asda apologises after stores open later than planned due to till issue

The game developer has been fighting big tech firms for years over anti-competitive behaviour on their app stores (AP)

Epic Games sues Google and Samsung over anti-competition collusion claims

A woman using a mobile phone

Nearly a quarter of adults feel digitally excluded, survey finds

Minister for Justice Helen McEntee

Internet companies could face huge fines over content glorifying terrorism

GCHQ

UK issues alert over threat from cyber attackers working for Iranian state

An Amazon sign at the fulfillment centre in Hemel Hempstead, Hertfordshire

Competition regulator clears Amazon’s partnership with AI firm Anthropic

Meta logo on sign outside building

Meta fined 91m euro over password breach

Revolut, Chase and Modulr have agreed to join the 159 short-code phone service that people can call to speak to their bank when they are worried about a potential scam (Yui Mok/PA)

Revolut, Chase and Modulr agree to join 159 anti-scam service

Network Rail ‘cyber security incident’

Man arrested after cyber vandalism hit wifi at UK’s biggest railway stations

Passengers waiting for trains at London King’s Cross Station

‘Cyber vandalism’ shuts down wifi at 19 Network Rail stations