CrowdStrike exec apologizes before House committee over IT outage caused by faulty software update that sparked global chaos

A senior CrowdStrike executive has issued an apology over the global IT outage in July that sparked worldwide flight cancellations and chaos across several industries.

Adam Meyers, senior vice president for counter adversary operations, appeared before a US House of Representatives subcommittee on Tuesday to answer questions about the faulty software update that caused the outage on July 19.

He said the company was deeply sorry for the perfect storm outage that affected millions of people and vowed that CrowdStrike was determined to prevent it from happening again. 

Meyers added that the issues were not the result of a cyberattack or prompted by AI.

The July incident, sparked by a flawed software update rolled out by CrowdStrike, crippled around 8.5 million computers running Microsoft software, which brought businesses and infrastructure to a standstill. 

The outage impacted industries around the globe including airlines, banks, health care, media companies and hotel chains.

Adam Meyers, (pictured) CrowdStrikes senior vice president for counter adversary operations, appeared before a US House of Representatives subcommittee on Tuesday to answer questions about the faulty software update that caused the global IT outage on July 19

He said Crowdstrike was deeply sorry for the perfect storm outage that affected millions of people and vowed that the company was determined to prevent it from happening again. The cybersecurity firms Sunnyville, California office is pictured on July 19, 2024

CrowdStrike released a content configuration update for its Falcon Sensor security software on July 19 that resulted in system crashes worldwide, Meyers told the House Homeland Security Cybersecurity and Infrastructure Protection subcommittee.

He explained that the new threat detection configurations were validated and sent to sensors running on Microsoft Windows devices but the configurations were not understood by the Falcon sensors rules engine, leading affected sensors to malfunction until the problematic configurations were replaced. 

We are deeply sorry this happened and we are determined to prevent this from happening again, Meyers told the legislators. 

We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company.

He added: We appreciate the incredible round-the-clock efforts that our customers and partners who, working alongside our teams, mobilized immediately to restore systems.

We were able to bring many customers back online within hours. I can assure that we continue to approach this with a great sense of urgency.

The committee members pressed Meyers on how the incident occurred in the first place, with legislators likening its impact to that of a well-planned, sophisticated cyber attack, but instead had happened because of a mistake inside CrowdStrikes software.

The July 19 incident led to worldwide flight cancellations and impacted industries around the globe including banks, health care, media companies and hotel chains. Pictured are the departures monitors at Orlando International Airport on July 19, 2024 showing the number of cancelled and delayed flights due to the global communications outage

A checkout terminal hit by IT issues is seen at a Coles store in Canberra, Australia on July 19

Passengers in the South Terminal at Londons Gatwick Airport wait in long queues amid the widespread IT outage on July 19, 2024

In its analysis of the outage published in the aftermath of the incident, CrowdStrike said an undetected error in a software update sparked the problem, with a bug in the firms content validation system meaning problematic content data was not spotted and then allowed to roll out to Microsoft Windows customers, causing the crash.

Meyers said the cybersecurity firm would continue to share lessons learned from the incident to ensure it did not happen again.

Representative Mark Green, who chairs the House Homeland Security Committee, called the events a catastrophe that we would expect to see in a movie.

He told Meyers: We cannot allow a mistake of this magnitude to happen again.

Some watchers noted that the committee hearing did not see CrowdStrike face such an intense grilling as other tech executives have been subjected to in recent years, with those at the hearing instead placing an emphasis firms working with committees and government to prevent future incidents of a similar nature.

CrowdStrike still faces a number of lawsuits from people and businesses impacted by the outage.  

Delta Air Lines has vowed to take legal action, saying the outage forced it to cancel 7,000 flights, impacting 1.3 million passengers over five days, and cost it $500 million. 

The company rejected Deltas contention that it should be blamed for massive flight disruptions.

Meyers, pictured during the hearing on Tuesday, told legislators that the IT issues were not the result of a cyberattack or prompted by AI

In the UK, the CrowdStrike outage left GPs unable to access the digital system to manage appointments or view patient records, as well as send prescriptions to pharmacies – which were also widely impacted – forcing doctors to return to using pen and paper.

Meanwhile, flights were cancelled or delayed and passengers left stranded as airline systems were knocked offline or staff were forced to handwrite boarding passes and luggage tags.

Many small businesses also reported a substantial impact on their income, with some saying their websites being knocked offline by the incident cost them hundreds or even thousands of pounds in sales.

Last month, CrowdStrike cut its revenue and profit forecasts in the aftermath of the faulty software update, and said the environment would remain challenging for about a year.