Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - US
The Guardian - US
Technology
Blake Montgomery and Johana Bhuiyan

CrowdStrike apologizes for global IT outage in congressional testimony

people walking by row of blue screens
Screens show a blue error message at LaGuardia airport in New York, on 19 July 2024. Photograph: Yuki Iwamura/AP Photo

A CrowdStrike senior executive apologized for causing a global software outage that ground the operations of hospitals, airports, payment systems and personal computers around the world to a halt in July.

Adam Meyers, senior vice-president for counter-adversary operations at CrowdStrike, testified before Congress on Tuesday. Meyers will speak to the House homeland security cybersecurity and infrastructure protection subcommittee. In his testimony, he said: “I am here today because, just over two months ago, on July 19, we let our customers down … On behalf of everyone at CrowdStrike, I want to apologize.” He will say the company has undertaken “a full review of our systems” to prevent the cascade of errors from occurring again.

The global software outage, which delayed flights and medical procedures and caused computers worldwide to display Microsoft’s famous “blue screen of death”, was first thought to be the result of a sophisticated and malicious cyber-attack against the maker of Windows. The actual explanation, however, brought to mind Hanlon’s razor: CrowdStrike had published an update to its Falcon sensor software, meant to detect and contain cybersecurity threats, which crashed roughly 8.5m computers running Windows instead.

Meyers said the company was taking full responsibility for the crashes: “The July 19 incident stemmed from a confluence of factors that ultimately resulted in the Falcon sensor attempting to follow a threat-detection configuration for which there was no corresponding definition of what to do.”

Meyers said the company has implemented some changes that should prevent an outage from happening at this scale again. For instance, CrowdStrike will no longer roll out its software updates globally to all customers in a single session. The company is also allowing customers to select when they receive their updates; they can wait to be among the second- or third-round clients who receive the update.

They can even choose to hold off on an update, though that could make them more vulnerable to security beaches because they won’t have the most up-to-date threat assessment, Meyers warned.

CrowdStrike’s products rank among the world’s most widely used cybersecurity software. The company has boasted on its site that it protects more than half of America’s Fortune 1,000 companies. After the disastrous, botched update, however, it lost tens of billions of dollars in market value, and its CEO has conducted a months-long apology tour.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.