In what is being described as the most catastrophic IT failure in history, a faulty software update from cybersecurity firm CrowdStrike Holdings Inc. caused widespread crashes in Microsoft Windows systems around the world on Friday.
Both Microsoft and CrowdStrike have implemented fixes, and systems are gradually coming back online. However, for several hours, essential services were disrupted: bankers in Hong Kong, doctors in the UK, and emergency responders in New Hampshire found themselves unable to access crucial programs. The recovery process is ongoing, with some businesses facing continued disruptions as tech teams work to manually reboot systems and remove corrupted files.
“This is unprecedented,” said Alan Woodward, a cybersecurity professor at Surrey University. “The economic impact is going to be enormous.”
The failure highlights a critical vulnerability in global supply chains: many major industries rely heavily on a few obscure software vendors, which are becoming single points of failure. Recent months have seen hackers exploit this dependency, targeting vendors to disrupt entire sectors and governments.
Adding to the chaos, Microsoft faced a separate, seemingly unrelated issue with its Azure cloud service on Thursday, which lasted several hours. By Friday afternoon, the company announced that all Microsoft 365 apps and services had been restored.
By Friday morning in New York, many systems were beginning to recover. CrowdStrike CEO George Kurtz reported early in the day that the issue had been identified and a fix deployed. This fix involves rebooting Windows machines and manually removing problematic files—a labor-intensive process often requiring IT professionals with administrative access. Many of these professionals struggled to perform these tasks remotely while dealing with system crashes.
The fallout from the incident was significant, with CrowdStrike’s shares plummeting 11% to $304.96, erasing over $9 billion in market value—the largest single-day drop since November 2022. Microsoft’s shares fell slightly, by less than 1%, to $437.11.
This incident dwarfs previous outages. For example, in 2017, Amazon’s cloud service outage affected tens of thousands of websites. In 2021, Fastly’s content delivery network issues disrupted several major media websites. This CrowdStrike failure, impacting airlines, banks, and healthcare systems, is considered the largest IT outage in history, according to security consultant Troy Hunt.
As recovery efforts continue, scammers have already exploited the situation by creating fraudulent websites claiming to offer restoration services for the affected systems.
Impact on Airlines
Airports from Berlin to Delhi experienced delays, cancellations, and stranded passengers during a peak travel period. FlightAware reported over 21,000 delayed flights globally, with travel disruptions expected to persist.
United Airlines and Delta Air Lines gradually resumed operations on Friday. American Airlines and Spirit Airlines had temporarily grounded flights. The Federal Aviation Administration is monitoring the situation closely.
Impact on Finance
The London Stock Exchange Group resolved an issue that had prevented it from publishing news via its RNS service. Financial institutions, including JPMorgan Chase, Nomura Holdings, and Bank of America, were forced to use backup systems. JPMorgan Chase ATMs and teller stations were affected, though most have since been restored. Marsh, the world’s largest insurance brokerage, reported that many clients are preparing to file claims.
Impact on Healthcare
Critical infrastructure was severely disrupted. The UK’s National Health Service faced issues accessing patient data. Memorial Sloan Kettering Cancer Center and Mass General Brigham in Boston reported that the outage affected patient care. Hospitals in Europe had to close clinics and cancel procedures. Emergency services in New York and New Hampshire also experienced disruptions.
Impact on Automakers
Renault halted production at its Maubeuge and Douai plants due to supply chain issues caused by the outage. Tesla CEO Elon Musk announced on Friday that the company had removed CrowdStrike software from its systems, citing disruptions in the automotive supply chain.
Impact on Government Agencies
U.S. federal agencies, including the FBI and Department of Justice, were affected by the outage. Employees encountered the infamous “blue screen of death” on their Windows systems. The most significant impacts were on healthcare, state and local police, some Department of Energy sites, and the .gov domain. Airlines and banks are recovering, but the extent of the damage is still being assessed.
This historic IT failure underscores the critical need for robust, resilient IT infrastructure and contingency planning to mitigate the effects of such widespread disruptions.