A global tech outage affecting Microsoft platforms has impacted banks and card payment systems worldwide. The disruption is attributed to a software update from cybersecurity firm CrowdStrike. CEO George Kurtz reported that a “defect found in a single content update for Windows hosts” caused the issue, clarifying that it is neither a security incident nor a cyberattack. The problem has been identified, isolated, and a fix has been deployed.
Microsoft confirmed that the issue affects Virtual Machines running Windows Client and Windows Server with the CrowdStrike Falcon agent, potentially leading to a blue screen error and repeated restart attempts. The issues began around 19:00 UTC on July 18.
Banks such as Lloyds in the UK and Capitec in South Africa have reported problems, and retailers like Waterstones, Waitrose, and Wetherspoons are experiencing difficulties with card payments. The London Stock Exchange’s regulatory news service has also faced outages, disrupting trading for firms including JP Morgan and UBS.
Melanie Pizzey, CEO of the Global Payroll Association, expressed concerns about the future impact of the outage, stating that many clients have already struggled to access payroll software, which could have severe implications for businesses reliant on regular payroll processing.
The widespread outage has affected airports, train stations, and broadcasting services, leading to significant delays for airlines including Ryanair, American Airlines, KLM, Qantas, and Air New Zealand. Other organizations such as Allianz, NHS, BBC, Waitrose, and Sky News have also been impacted.
As a result of the incident, stock prices for both Microsoft and CrowdStrike have seen a decline. This outage adds to a growing list of recent system failures that have disrupted daily life and frustrated consumers, including a significant payments issue faced by the Bank of England that caused the RTGS system Chaps to shut down and a previous payments outage affecting Visa and Mastercard users in the UK.
Jake Moore, global security advisor at ESET, remarked on the rising frequency of such outages, attributing them to increased online usage and traffic. He noted the inconvenience caused serves as a reminder of society’s reliance on major tech firms, such as Microsoft.
Al Lakhani, CEO of IDEE, emphasized the potential pitfalls of CrowdStrike’s platform approach, which relies on a single agent for detection. He suggested that while this might appear advantageous, it can lead to significant challenges, especially when software maintenance and updates introduce points of failure. Lakhani advocated for prioritizing agentless cybersecurity solutions to reduce the risks of widespread failures.
David Varney, a partner at UK law firm Burges Salmon, highlighted that the effectiveness of responses to unforeseen IT outages hinges on the preparedness and resilience built into an organization’s business continuity strategies. The current issues with CrowdStrike serve as a crucial reminder of the necessity for proactive planning and regular testing to ensure business resilience in the face of unexpected challenges.