Almost all businesses ranging from airlines to healthcare, financial markets and govt agencies running Microsoft computers experienced an unprecedented IT outage that the world has never witnessed before in Thursday and Friday.
Numerous fights were delayed or cancelled. Banks were not able to give out money. Some retailers had to close stores, some had notices stating they only received cash payments as people across the globe encountered the largest ever IT crash.
Major operational disruptions hit broadcast firms, banks, airports, transport hubs among other places. Several hundred flights got canceled with Australia to US and UK and India’s terminals becoming scenes of confusion.
The world is still struggling to come to terms with the extent of the disruption as reports indicate that operation at various places are yet to be normalized. The initial fear of a cyberattack was proved wrong when investigations revealed that it began with a software update by US cybersecurity company CrowdStrike. This company provides security solutions for organizations using Microsoft’s Windows platform which is popularly used worldwide. Falcon Sensor, CrowdStrike’s software, aims at securing computer systems from potential malware intrusion. Nonetheless, this began when its most recent update for Windows OS computers had a fault.
Those who logged into their systems saw what is called Blue Screen of Death (BSOD), which is an error message displayed when an operating system comes across a critical problem it cannot recover from.
Within hours of being identified by Microsoft and Crowdstrike; however these fixes needed manual intervention on already impacted systems. However since there could not be enough IT staff in many organizations covering such scales of computers affected this remained work in progress for most large businesses until Friday.
The Paris Olympic Committee announced that its operations were being impacted by the outage but ticket sales had not been affected. In the UK general practitioners faced closures due to shut downs caused by the failure.
Speaking on X website CrowdStrike CEO George Kurtz said “We understand how serious this situation is and deeply regret any inconvenience or disruption caused. We are helping all affected customers to get their systems back online so they can continue providing critical services to their own customers. Further apologizing for the massive disruption, he added: “We deeply apologize.”
Sundareshwar K, partner and leader for cyber security at consultancy firm PwC India said “This is a Black Swan event impacting not just businesses but the overall national machinery, and underscores how safeguarding entities against risk involves much more than technology. This development highlights how it is a misnomer that enhanced technology deployment alone will help organisations become more secure and ensure business continuity.”
The outage was felt across industries back home with airlines issuing handwritten boarding passes.
IndiGo passenger Akshay Kothari posted on X a picture of his handwritten boarding pass for a Hyderabad-Kolkata flight. He said, “Today I got my first ever hand written boarding pass”. Indian carriers including Indigo, Akasa Air, Air India Express and SpiceJet; had service disruptions affecting ticket booking and web check-in among other things.
According to insiders, Tata Starbucks had some issues with certain of its PoS (point of sale) systems but this did not have any major effect on the business. The executive at one of the companies claimed that a number of merchants using Amazon, Meesho and Flipkart platforms were experiencing bugs associated with inventory management applications supplied by Microsoft on condition of anonymity. There was no response from Amazon and Flipkart while a Meesho representative mentioned that there has not been any impact.
During the day, PhonePe’s stock broking platform Share.market faced some challenges as reported here. The company later said it had restored services and apologized for the inconvenience caused.
“It is a very nasty example of how vulnerable key parts of our internet infrastructure are,” Ciaran Martin formerly headed Britain’s National Cyber Security Centre now teaches at Oxford University, told New York Times.