News AI
July 24th, 2024

CrowdStrike global outage to cost US Fortune 500 companies $5.4B

A global technology outage from a faulty CrowdStrike update is estimated to cost US Fortune 500 companies $5.4 billion, affecting banking, healthcare, and airlines, with significant operational disruptions reported.

Read original articleLink Icon
CrowdStrike global outage to cost US Fortune 500 companies $5.4B

A global technology outage caused by a faulty update from CrowdStrike is projected to cost US Fortune 500 companies approximately $5.4 billion, with banking, healthcare, and major airlines expected to incur the most significant losses. The incident, described as one of the largest IT failures in history, resulted in thousands of flight cancellations, disruptions in hospitals, and failures in payment systems worldwide. The update affected 8.5 million Windows machines, leading to widespread operational failures. CrowdStrike, a major cybersecurity firm, has seen its stock value drop by about 22% since the incident and has apologized for the crisis. The company plans to enhance its software testing protocols and implement gradual rollouts of updates to prevent similar occurrences in the future. An in-depth report on the outage's causes is expected to be released soon. Delta Air Lines, in particular, has faced ongoing challenges, with hundreds of flights canceled or rescheduled, prompting an investigation by the US Department of Transportation into its response to the situation. The outage highlights the vulnerabilities in modern technology systems, where a single faulty update can have far-reaching consequences across various industries.

Related

Microsoft/Crowdstrike outage ground planes, banks and the London Stock Exchange

Microsoft/Crowdstrike outage ground planes, banks and the London Stock Exchange

A cybersecurity program update failure caused global disruptions affecting businesses and services like United Airlines, McDonald’s, and the London Stock Exchange. Microsoft and CrowdStrike faced issues, but the problem was resolved without a cyberattack. CrowdStrike's shares dropped 20%, and Microsoft's fell 2.9%. The incident, involving Windows and security software, is one of the largest IT outages, surpassing past disruptions.

Global IT Collapse Puts Cyber Firm CrowdStrike in Spotlight

Global IT Collapse Puts Cyber Firm CrowdStrike in Spotlight

A faulty patch from CrowdStrike Holdings Inc. caused a global IT collapse, impacting various sectors. CrowdStrike's shares dropped by 15%, losing $8 billion. The incident emphasized the importance of endpoint protection software.

Microsoft has serious questions to answer after the biggest IT outage in history

Microsoft has serious questions to answer after the biggest IT outage in history

The largest IT outage in history stemmed from a faulty software update by CrowdStrike, impacting 70% of Windows computers globally. Mac and Linux systems remained unaffected. Concerns arise over responsibility and prevention measures.

2024 CrowdStrike incident: The largest IT outage in history

2024 CrowdStrike incident: The largest IT outage in history

A faulty update by CrowdStrike led to a global computer outage affecting airlines, banks, hospitals, and government services. Over 3,200 flights were canceled, emphasizing the need for strong cybersecurity.

Global CrowdStrike Outage Proves How Fragile IT Systems Have Become

Global CrowdStrike Outage Proves How Fragile IT Systems Have Become

A global software outage stemming from a faulty update by cybersecurity firm CrowdStrike led to widespread disruptions. The incident underscored the vulnerability of modern IT systems and the need for thorough testing.

Link Icon 25 comments
By @BillSaysThis - 4 months
$5.4B seems way too low given the number of flights Delta cancelled and will be on the hook to refund.

https://www.washingtonpost.com/transportation/2024/07/23/del...

By @solardev - 4 months
How does a company this big not have automated tests for their config files, and not have gradual/staggered rollouts for their deployments?

Is there some good reason for this approach (need to get config updates into the wild as quickly as possible to combat zero-days or zero-hours?) or was this just a massive oversight?

Side rant... their postmortem took forever to get to the point, first explaining all their jargon and product names. Makes me really appreciate the Cloudflare ones.

By @mrinterweb - 4 months
Can't wait for the class action lawsuit. The total impact is likely greater than $5.4B. A significant number of people must have died due to the impact this had on hospitals and emergency services.
By @ram_rar - 4 months
Can someone with a background in contract negotiation, vendor onboarding, and business continuity risk management share their expertise? We'd love to hear about typical vendor contract provisions that protect customers in situations like this.

If damages can be demonstrated, what are the chances of airlines successfully claiming compensation? Or, in practice, do such cases usually result in significant discounts during the next contract renewal rather than actual damages paid out?

By @Havoc - 4 months
Don't worry...they're handing out $10 vouchers to make up for it

https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-ap...

By @betaby - 4 months
Well, 'security' check boxes have consequences.
By @logicchains - 4 months
Hopefully this will make BigCos think twice about forcing their employees to fill their computers with "security" malware that slows productivity to a crawl.
By @mberning - 4 months
I think this is going to be a huge boon for dell. We had so many older computers that got completely hosed. Lots of Latitude 5400s died completely. All will need replacements.
By @sandworm101 - 4 months
Does anyone else feel a little sympathy for CrowdStrike? They pushed out something they should not have. OK. That is bad. But a couple days on and the bulk of the difficulties seem to be from how windows handled the situation: The BSODs, the boot loops, the inability to recover from a basic fault. I feel that if this did happen in a linux environment (it could) that it would be easier to isolate and boot systems into some sort of temporary mode. Linux would communicate and offer options. The windows-specific trend of just abandoning all hope, giving up and throwing the BSOD at the user ... CrowdStrike didn't create that.
By @ajma - 4 months
But they apologized with a $10 gift card.

Soo. $5.4B - $10

By @Thaxll - 4 months
Imagine Apple / Google pushing an update that bricked 2b+ mobile devices.
By @throw7 - 4 months
The preliminary post incident review is here:

https://www.crowdstrike.com/falcon-content-update-remediatio...

It boils down to the "Content Validator" had a bug and gave a false positive.

It's kind of crazy that the 'rapid response content' update was then free to go out direct to production machines with zero actual live testing.

That's either due to c-suite excel cost-cutting/maximize profit or silicon valley yolo.

By @gkuhl21 - 4 months
Is Chaos Engineering an appropriate preventative measure for this sort of thing?
By @mike503 - 4 months
That's a lot of $10 (non functional) Uber eats cards
By @lnxg33k1 - 4 months
So, here's 10 bucks, we good?
By @bdcravens - 4 months
Bankruptcy coming ....
By @monksy - 4 months
"We can't hold back releases from going into prod.. we have to deliver"

"We don't have enough time to write tests"

"Developers should be able to test their own code"

By @leandrod - 4 months
Free just got cheaper.

Yeah, I know using free software isn’t a panacea. Still it would be a step in the right direction, plus I could not refrain from the cheap shot at M$ Windows.

By @nottorp - 4 months
It's my understanding that CrowdStrike customers buy that thing to check a box in some security audit, not because it provides any other benefit.

Let's blame bullshit compliance?

By @paxys - 4 months
Today in "random number pulled out of someone's ass"
By @xedrac - 4 months
Looks good on a resume:

- Wrote code responsible for $5.4 billion

By @LASR - 4 months
I’m pretty certain CS has contracts that limit their liabilities in events like this.

Probably a refund is all they’ll be on the hook for.

Sadly, damage done like this is just chalked up to an accident, and swept under the rug.