The IT outage that caused chaos around the world on Friday hit airports, health services and businesses in the “biggest outage in history” and experts said it could take weeks for services to be fully restored.
A botched software upgrade for Microsoft’s Windows operating system has led to the cancellation of flights and hospital appointments, payroll systems being halted and television channels being taken off the air.
The attack, launched by US cybersecurity firm CrowdStrike, left employees’ computers unable to boot up and hit a “blue screen of death,” with experts saying any affected computers may have to be repaired manually.
In the UK, Whitehall crisis managers were coordinating the response through the Cobra Committee, and ministers were in contact with industry to deal with the impact of the IT outage, with Transport Secretary Louise Hague saying they were “working in lockstep with industry” after trains and flights were affected.
Many people are affected by today’s IT outage which is affecting services across the country and around the world.
Ministers are working with departments and industry on this issue.
I am in close contact with the team coordinating the response through the COBR response system.
— Pat McFadden (@patmcfaddenmp) July 19, 2024
“}}”>
Many people are affected by today’s IT outage which is affecting services across the country and around the world.
Ministers are working with departments and industry on this issue.
I am in close contact with the team coordinating the response through the COBR response system.
— Pat McFadden (@patmcfaddenmp) July 19, 2024
A Microsoft spokesperson said: “We are aware of an issue affecting Windows devices caused by a third-party software platform update. We expect a resolution to be available shortly.”
CrowdStrike acknowledged that the outage was caused by a software update to its products and not a cyberattack. “We deeply apologize for the impact this has had on our customers,” said CrowdStrike founder and CEO George Kurtz, adding that there was “adverse interaction” between the update and Microsoft’s operating system.
CrowdStrike’s shares fell sharply throughout the day, dropping as much as 13% at one point in trading.
Govia Thameslink Rail (GTR), parent company of Southern, Thameslink, Gatwick Express and Great Northern, warned passengers to expect delays. Service monitoring website Downdetector said users in the UK had reported issues with Visa, BT, major supermarket chains, banks, online gaming platforms and media.
In the UK, Sky News and CBBC channels were also temporarily taken offline before resuming broadcasts, while Australia’s ABC was also affected.
In financial services, Metro Bank reported problems with phone lines in the UK, Santander said card payments “may be affected”, Monzo said some customers were reporting problems, some bankers at JP Morgan were unable to log on to its systems and the London Stock Exchange said it was having problems with its news service.
Leading cybersecurity consultant Troy Hunt said the scale of the IT outage was unprecedented.
“I don’t think it’s too early to say that this is going to be the biggest IT outage in history.” he tweeted.
“This is basically what we all worried about during Y2K, but this time it actually happened,” he added – a reference to the Millennium Bug, which worried IT professionals in the run-up to the year 2000 but ultimately caused no serious damage.
The UK’s chartered IT body BCS said that while some fixes will be easy to implement, it could take days or even weeks for systems to be restored.
“In some cases, fixes can be applied very quickly,” says BCS fellow Adam Leon Smith, “but if the computer responds by blue-screening or going into an infinite loop, recovery can be difficult and take days or weeks.”
Alan Woodward, a professor of cybersecurity at the University of Surrey, said the fix required manually rebooting affected machines, a step “most ordinary users wouldn’t know how to do.” Organizations with thousands of PCs spread across different locations faced a tougher challenge, he added.
“It’s simply a matter of numbers. Depending on the organization, it could take several weeks,” he said.
Among the companies affected on Friday was Europe’s largest airline Ryanair, which said on its website that “a global third-party system outage may cause disruptions across our network… We advise passengers to arrive at the airport three hours before their flight to avoid disruptions.”
Heathrow, Europe’s largest airport, said it was “working hard” to get passengers “to their destinations”.
A Heathrow spokesman said: “We continue to work with airport colleagues to minimise the impact of the global IT outage on passenger journeys. Flights continue to operate and passengers are advised to check with their airline for the latest flight information.”
In the United States, flights were grounded due to what is believed to be a communications outage. Affected airlines include American Airlines, Delta Air Lines and United Airlines. Berlin airport temporarily suspended all flights on Friday. Aviation analytics firm Cirium said 4,295 flights were canceled worldwide on Friday, or 3.9% of scheduled flights, including 143 flights from the UK.
General practitioners in England said they were unable to access patient records or make appointments. Clinics reported on social media that they couldn’t access the EMIS web system. 999 services were said to be unaffected by the outage, but the Royal Surrey NHS Trust in southern England said: Declared A serious incident has led to the cancellation of scheduled radiotherapy appointments for Friday morning, with the British Pharmaceutical Association confirming that services across England may be affected.
A spokesman for Keir Starmer added that they were not aware of any impact the issue had on government services but were aware it was having a wider impact.
Israel’s Health Ministry said a “global outage” was affecting 16 hospitals, while in Germany, the University Hospital of Schleswig-Holstein in northern Germany said it had cancelled all scheduled operations in Kiel and Lubeck.
Portland, Oregon, Mayor Ted Wheeler issued a state of emergency, saying the power outage affected vital city services, including emergency communications.
Obviously it’s not on air, but I’m working hard 🤞Sky News breakfast pic.twitter.com/ZKvVacRgUY
— Jackie Beltrao (@SkyJacquie) July 19, 2024
“}}”/>
Alan Woodward of the University of Surrey said the outage was caused by an IT product called CrowdStrike Falcon, which monitors the security of large PC networks and downloads monitoring software onto each machine.
“This product is used by large organisations with huge numbers of PCs to keep an eye on them all. Unfortunately, if they lost all of their PCs, they would either not be able to do business or their service levels would be severely degraded,” Woodward said.
Stephen Murdoch, professor of security engineering at University College London, said many organisations may struggle to implement fixes quickly.
“Because the problems occur before the computer is connected to the internet, there’s no way to fix the problem remotely – someone has to go in and fix the problem,” Murdoch said, adding that businesses and organisations that have reduced their IT staff or outsourced IT tasks will be hindered in their ability to address the issues.
But Ciaran Martin, former chief executive of the National Cyber Security Centre, said that unlike hostile cyber attacks, the problem had already been identified and solutions put forward.
“Recovery is about bouncing back, not overcoming a situation. I don’t think there will be much in the news this time next week in terms of ongoing disruption,” he said.
CrowdStrike President George Kurtz said the incident was “Flaw discovered in single content update for Windows hostsHe added: “This is not a security incident or cyber attack. The issue has been identified, isolated and a fix has been deployed.”
The problems for US companies were exacerbated by problems with Microsoft’s cloud-computing business, Azure, on Thursday.
