Y24K: Three Days After the Biggest IT Outage in History
A single file in a defective software update caused a global IT outage that disrupted airports, banks, hotels, trains, hospitals, and more.
Sign up for smart news, insights, and analysis on the biggest financial stories of the day.
On Friday, a single computer file buried in a defective software update caused a global IT outage that disrupted airports, banks, 911 services, hotels, trains, hospitals, restaurants, governments, and maybe even your afternoon with the so-called Blue Screen of Death.
“This is basically what we were all worried about with Y2K, except it’s actually happened this time,” said web security expert Troy Hunt. Here’s what we know going into the week after Y24K.
Harm, Foul
CrowdStrike is an Austin-based cybersecurity firm with a $74 billion market cap that says it services over half the companies on the Fortune 1000 (both numbers potentially subject to downward revision). On Friday, CrowdStrike released an update to a cloud-based threat detection software for Microsoft Windows operating systems.
And then, disaster. The update, which doesn’t seem to have been adequately tested, crashed millions of Windows devices, taking down IT systems worldwide. Thousands of flights were delayed or canceled, thousands of shipments were grounded. Hospitals worked on paper and canceled surgeries, TV stations went off the air. And it’s not over:
- CrowdStrike issued a fix, though it’s not yet available to all devices (CrowdStrike says an automatic fix is “close”). Microsoft, which said 8.5 million devices were affected, released its own tool on Saturday to help users resolve the issue.
- Experts expect it will take weeks for systems to fully recover: The UK National Health Service said Saturday that doctor appointments may be canceled this week, and over a thousand US flights were canceled on Sunday. Needless to say, the outage will cost the global economy billions, though it could amount to a blip — while CrowdStrike shares tanked 11% Friday, the Dow, S&P 500, and Nasdaq all slipped less than 1%.
Unwanted Attention: “These incidents reveal how concentration can create fragile systems,” tweeted Federal Trade Commission chair Lina Khan. Last year, the FTC solicited comments on “the business practices of major cloud providers” — even if CrowdStrike’s blunder is an economic blip, it could be a regulatory squeeze if the agency takes another look at that file.