Microsoft Outage Caused Worldwide Mass Service Disruptions
Last week, a widespread Microsoft outage affected airlines, health systems, banks, and television networks worldwide. The outage stemmed from a technical problem with CrowdStrike, the global cybersecurity firm’s antivirus software for Microsoft Windows devices.
Thousands of air flights and train services worldwide were canceled, disrupting many other public and retail services. Amazon, Visa, and ADT Security all announced service disruptions.
CrowdStrike identified the problem in its software and deployed a gradual fix to affected customers, emphasizing that the outage was not the work of a security incident or cyberattack. The company said the underlying cause was resolved, though residual impact continues to affect some Microsoft 365 apps and services. The company also acknowledged crash reports related to its Falcon Sensor software on Microsoft systems.
Over 1,300 domestic and international flights were canceled Friday morning in the United States, and another 3,600 were delayed. Globally, more than 25,000 flights were delayed. American Airlines, Delta Air Lines, and United Airlines resumed partial flight departures after pausing operations earlier due to the outages.
Hospitals in Germany reported canceling elective surgeries, and doctors in the United Kingdom announced additional problems with accessing online appointment booking systems. Pharmacists reported disruptions with medicine deliveries and prescription access.
The London Stock Exchange experienced disruptions in its regulatory news service, but trading was not impacted. The New York Stock Exchange reported no disruptions, and trading was fully operational.
Despite the CrowdStrike fix, some residual problems may take additional time to solve on individual client computer systems with Endpoint Detection and Response (EDR) products, which cannot be updated with the repair software remotely. According to the company, installing the repair software manually could take many days. Microsoft estimates that over 8.5 million computers were disabled due to the crash, predicting weeks-long recovery periods to bring machines back online.
Insurers could face thousands of business interruption claims over the outage. According to Reuters, the economic damages of crippling industries and inconveniencing consumers globally could reach tens of billions of dollars.
Cyber insurance risk platform CyberWhite reports that the outage should be considered an “insurance catastrophe,” but that many businesses’ lost time and income are not covered. Business insurance policies typically exclude non-malicious events or require separate policies with deductibles and waiting periods, if they are covered at all. Policyholders impacted by the outage are encouraged to review the company’s cyber insurance program to determine qualification.
The event could also trigger legal claims against CrowdStrike and Microsoft, particularly from businesses that are not CrowdStrike customers but were crippled by the crash of critical payment and data systems. Numerous small businesses lost revenue from system shutdowns or turned away customers because of CrowdStrike’s defective software.
Herold Law, P.A. is a full-service law firm with a team of fierce attorneys. If you need legal representation, call today at 908-679-5011 or contact us online to schedule an initial consultation. Located in Warren, New Jersey, we represent clients in Somerville, Morristown, and across New Jersey.