CrowdStrike Windows Outage Chaos, Experienced in the Philippines

On Friday, July 19, 2024, a faulty software update from cybersecurity firm CrowdStrike led to widespread disruptions across multiple sectors, notably impacting travel, finance, healthcare, and media.

The incident affected CrowdStrike customers using Microsoft Windows, with the company confirming that the issue was not a result of hacking or a cyberattack but an error related to its "Falcon sensor" product.

Air Travel Chaos in the Philippines


Air travel faced severe disruptions due to the software issue, grounding flights and causing extensive delays. Thousands of flights were canceled, and tens of thousands were delayed, leading to long lines and frustrated passengers at airports worldwide. In Cancun, Mexico, 24 flights were canceled, and 100 were delayed, with travelers attempting to keep spirits high by singing together.

The CrowdStrike software update chaos was also felt in the Philippines, particularly at NAIA Terminal 3. The Microsoft-based system outage led to significant "technical issues" and "operational disruptions" on Friday, July 19, 2024, affecting the services of several airline companies. These disruptions resulted in long lines, delays in check-ins, and inconveniences for travelers as airline staff had to resort to manual processes to manage operations amidst the peak travel season.

The situation at NAIA Terminal 3 on July 19, 2024, as a result of the Microsoft Global Outage. Photo Credit: Naprey Almario

Cebu Pacific was notably affected, experiencing system outages that further complicated the busy travel season. The airline had to rely on backup systems and manual processes to manage flight operations and customer service, adding to the delays and inconvenience for travelers.


AirAsia Philippines also reported operational disruptions related to check-in processes and self-check-in kiosks due to the outage. First Officer Steve F. Dailisan, Head of Communications and Public Affairs, stated that the airline was in constant communication with its partners Navitaire and Microsoft to restore full functionality as soon as possible. Passengers were advised to monitor AirAsia's social media platforms for timely updates on flight status.


Financial Sector Impact in the Philippines


The financial sector was significantly impacted, with major banks in the Philippines issuing advisories about the disruptions. 

Bank of the Philippine Islands (BPI) reported that the issue had affected certain operations, causing longer wait times in branches and delays in crediting financial transactions, including bills payment and interbank fund transfers. BPI assured customers that their technical team was working closely with the provider to resolve the issue and that branches, ATMs, CAMs, online, and mobile banking services remained available.


Philippine National Bank (PNB) advised the public that they may experience intermittent issues with its banking channels due to the global outage. The bank's technical team was on standby to ensure that affected channels were restored to normal operations as soon as possible.


Metrobank informed customers of potential slowdowns or temporary unavailability of some bank products and services through online channels. Clients were advised to access their funds through ATMs or deposit funds via Cash Accept Machines, with branch personnel ready to assist.


UnionBank reported that its Customer Service Hotline and some branch services and online credit card transactions were temporarily unavailable due to the global IT outage. Customers were encouraged to use the UnionBank Online app or website, or any of the bank's ATMs nationwide, for continued access to accounts and essential banking services.


International Media and Healthcare Disruptions


Several local TV stations in the United States were unable to air their scheduled news programs early Friday. This was mirrored in Australia, where national news outlets like ABC and Sky News went off-air for several hours. Some news anchors had to broadcast from dark offices with blue error screens in the background, illustrating the widespread nature of the issue.

Hospitals also faced significant operational challenges due to the software update. Appointment systems were disrupted, leading to suspended patient visits and canceled surgeries. In the United Kingdom, the National Health Service reported widespread issues at most doctors' offices. At Massachusetts General Hospital in the United States, all non-urgent surgeries and medical visits were canceled for the day.

Corporate and Small Business Repercussions


Small businesses and government offices were not spared either. Many experienced system outages that disrupted daily operations. In New York City's Times Square, several giant electronic billboards displayed blue "recovery" screens, and some remained dark well into the afternoon.

CrowdStrike's Response


CrowdStrike CEO George Kurtz issued an apology for a global technical failure that disrupted multiple industries, assuring that the company is working with all affected customers to restore their operations. Kurtz expressed deep regret on NBC News' "Today" program, stating, "We're deeply sorry for the impact that we've caused to customers, to travelers, to anyone affected by this, including our company."

Kurtz provided an update on the recovery process, mentioning that many customers are rebooting their systems and seeing them become operational again. He acknowledged that full recovery might take longer for some systems that do not automatically come back online but promised that CrowdStrike would ensure every customer is fully recovered. "It could be some time for some systems that won't automatically recover," he added.

Security experts criticized CrowdStrike for not conducting adequate quality checks on the routine update of its widely used cybersecurity software. The latest version of the Falcon Sensor software was intended to enhance security against hacking by updating threat defenses. However, faulty code in the update led to one of the most extensive tech outages in recent years, affecting companies using Microsoft's Windows operating system.

The update's problems quickly became evident as users shared images of computers displaying error messages, known as "blue screens of death," on social media. Steve Cobb, chief security officer at Security Scorecard, suggested that the flawed file might have bypassed the usual vetting process.

"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," he explained. The incident disrupted global banks, airlines, hospitals, and government offices, requiring manual intervention to weed out the flawed code and restore systems.

Market Reaction


The market reacted sharply to the news, with shares of CrowdStrike falling by more than 11 percent on Friday. Microsoft's stock price also saw a slight dip of less than 1 percent. Despite the significant disruptions, forecasting firm Capital Economics predicted that the impact on the global economy would be minimal.

Looking Ahead


The incident underscores the critical role cybersecurity firms play in maintaining the stability of various sectors. As organizations increasingly rely on digital infrastructure, the need for robust and reliable cybersecurity solutions becomes ever more paramount. This event may prompt companies to reevaluate their cybersecurity strategies and ensure they have contingency plans in place to mitigate similar risks in the future.

For the Philippines and other affected regions, this serves as a wake-up call to bolster their cybersecurity measures and ensure that key sectors such as travel, finance, and healthcare are better protected against such disruptions. As Cebu Pacific and other local entities work to restore normalcy, the importance of resilient and adaptive cybersecurity frameworks cannot be overstated.

The CrowdStrike software update debacle of July 19, 2024, has exposed significant vulnerabilities in our global systems and highlighted the urgent need for enhanced cybersecurity measures and robust contingency planning. As the world works to address the aftermath and prevent future occurrences, the lessons learned from this incident will undoubtedly shape how businesses and individuals navigate the complexities of our interconnected digital landscape.
