CrowdStrike boss apologises over global IT outage

A senior executive from the cybersecurity firm appeared before a committee at the US Congress to answer questions about the July incident.

Martyn Landi
Wednesday 25 September 2024 10:40 BST
The home page of Cybersecurity firm CrowdStrike (PA)
The home page of Cybersecurity firm CrowdStrike (PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Cybersecurity firm CrowdStrike has again apologised for the global IT outage sparked by a flawed update, as a company executive faced questions from legislators in the US.

Adam Meyers, a senior vice president at the firm, told the House of Representatives cybersecurity subcommittee that the company was “deeply sorry” and “determined to prevent this from ever happening again”.

The July incident, sparked by a flawed software update rolled out by the US firm, crippled around eight and a half million computers running Microsoft software, which brought businesses and infrastructure to a standstill.

Giving evidence to US legislators, Mr Meyers said: “We appreciate the incredible round-the-clock efforts that our customers and partners who, working alongside our teams, mobilised immediately to restore systems.

“We were able to bring many customers back online within hours. I can assure that we continue to approach this with a great sense of urgency.”

The committee members pressed Mr Meyers on how the incident occurred in the first place, with legislators likening its impact to that of a well-planned, sophisticated cyber attack, but instead had happened because of a “mistake” inside CrowdStrike’s software.

In its analysis of the outage published in the aftermath of the incident, CrowdStrike said an “undetected error” in a software update sparked the problem, with a bug in the firm’s content validation system meaning “problematic content data” was not spotted and then allowed to roll out to Microsoft Windows customers, causing the crash.

Mr Meyers said the cybersecurity firm would continue to share “lessons learned” from the incident to ensure it did not happen again.

Some watchers noted that the committee hearing did not see CrowdStrike face such an intense grilling as other tech executives have been subjected to in recent years, with those at the hearing instead placing an emphasis firms working with committees and government to prevent future incidents of a similar nature.

However, CrowdStrike still faces a number of lawsuits from people and businesses impacted by the outage – it has been sued by its own shareholders as well as by US aviation giant Delta Airlines after it cancelled thousands of flights because of the system shutdown.

In the UK, the CrowdStrike outage left GPs unable to access the digital system to manage appointments or view patient records, as well as send prescriptions to pharmacies – which were also widely impacted – forcing doctors to return to using pen and paper.

Meanwhile flights were cancelled or delayed and passengers left stranded as airline systems were knocked offline or staff were forced to handwrite boarding passes and luggage tags.

Many small businesses also reported a substantial impact on their income, with some saying their websites being knocked offline by the incident cost them hundreds or even thousands of pounds in sales.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in