CrowdStrike executive apologises for software update error causing global IT outage

Adam Meyers, a senior executive from cybersecurity firm CrowdStrike, apologised before a U.S. House of Representatives subcommittee for a software update error that caused a global IT outage in July. Meyers, the company's senior vice president for counter adversary operations, explained that a faulty content configuration update in its Falcon Sensor security software led to system crashes across the globe.

The outage, which took place on July 19, affected several industries worldwide, including airlines, banks, healthcare, media, and hospitality. Internet services were also disrupted, affecting around 8.5 million Microsoft Windows devices. Delta Air Lines was particularly impacted, cancelling 7,000 flights and affecting 1.3 million passengers. Delta claims the outage cost them $500 million and has threatened legal action against CrowdStrike, though the cybersecurity company disputes the airline's claims of responsibility for the massive flight disruptions.

According to Meyers, the issue wasn't the result of a cyberattack or artificial intelligence (AI) mishap. The root cause was a miscommunication between the new threat detection configurations and the Falcon sensor’s rules engine. The faulty update caused the sensors on Microsoft Windows devices to malfunction, leading to widespread disruption until the configurations were corrected.

Meyers assured the U.S. Homeland Security Cybersecurity and Infrastructure Protection subcommittee that CrowdStrike is committed to preventing such incidents from occurring again. The company has launched a thorough review of its systems and is updating its procedures to strengthen its content updates. Meyers said, "We are deeply sorry this happened and we are determined to prevent this from happening again."

The fallout from the July outage has been significant for CrowdStrike. Last month, the company cut its revenue and profit forecasts, citing ongoing challenges related to the faulty update. Meyers admitted that it would take about a year for the company to recover from the incident fully.

Representative Mark Green, who chairs the Homeland Security Committee, described the incident as "a catastrophe that we would expect to see in a movie," emphasising the severity of the disruption.