A massive technology outage has disrupted businesses and institutions in multiple countries, throwing airports, airlines, rail companies, government services, banks, stock exchanges, supermarkets, telecoms, health systems and media outlets into chaos.
The disruption was caused by an update to a product offered by cybersecurity firm CrowdStrike, which had caused machines running the Microsoft Windows operating system to crash.
Reporting from London, Al Jazeera’s Jonah Hull said, “CrowdStrike seems to have had some sort of mandatory update to its software that went horribly wrong.”
The company had reported that the issue was related to its Falcon sensor product, engineers identifying a “content deployment problem”, said Hull.
“Essentially it happens as you’re sitting in front of your terminal. If your terminal is a Microsoft Windows terminal, it suddenly goes to a blank blue screen. It’s called the ‘blue screen of death’ error. You are locked out of your operating system,” Hull said.
CrowdStrike CEO George Kurtz said on Friday that the outage was not a “security or cyber incident”.
“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on,” he wrote on X.
“As noted earlier, the issue has been identified and a fix has been deployed.”
Microsoft said on Friday that the “underlying cause” of the global outage had been “fixed”, but the “residual impact” was continuing to affect some Office 365 apps and services.
The outages rippled far and wide, forcing some broadcasters off air and leaving customers without access to services such as healthcare or banking. Transport systems around the world among the hardest hit.
In the United States, major airlines Delta, United and American Airlines were grounded on Friday morning due to a communication issue, according to an update by the Federal Aviation Administration.
In Australia, flight information screens at Sydney airport went blank. The airport said that flights were arriving and departing but that travellers should expect delays.
Melbourne airport said that check-in procedures for some airlines had been affected.
Airports in the United Kingdom, Germany, India, Malaysia and the Philippines also reported disruptions to services.
Amsterdam’s Schiphol airport, one of Europe’s busiest hubs, was also hit, with a spokesperson saying: “The outage has an impact on flights flying from and to Schiphol,” adding that it was not yet clear how many flights were affected.
All airports in Spain were experiencing “disruptions”, the airport operator Aena said.
Air France said its operations were also affected, but that flights already en route were not affected.
Hong Kong Airport Authority said airlines affected by the outage have switched to manual check-in and flight operations have not been affected.
Kenya Airways’s booking system was impacted, the airline said, warning customers to expect slower service than usual.
Multiple other sectors were also affected.
Banks and other financial institutions from Australia to India and South Africa warned clients about disruptions to their services.
Australia’s largest bank, Commonwealth Bank (CBA.AX), said some customers had been unable to transfer money due to the service outage.
In the UK, the London Stock Exchange (LSE) was hit by a technical glitch that affected its news service and delayed its display of opening trades.
Media companies also saw their broadcasts severely disrupted.
Australia’s national broadcaster, the Australian Broadcasting Corporation, and Network Ten confirmed that their systems had been affected.
Sky News, one of the UK’s major news broadcasters went off air, apologising for being unable to transmit live.
Government services were also hit.
In the UK, booking systems used by doctors were offline, multiple reports from medical officials on X said.
The Ministry of Foreign Affairs of the United Arab Emirates said some of its systems were impacted, including its “attestation service”, in a post on X. “We advise users to refrain from conducting any transactions until this issue is resolved,” it said.
In Australia, Victoria’s state police said some internal systems had been hit by the outage but emergency services were operating normally.
New Zealand’s parliamentary computer systems were affected, according to Rafael Gonzalez-Montero, head of the parliamentary service.
Amazon’s AWS cloud service provider said in a statement that it was “investigating reports of connectivity issues to Windows EC2 instances and Workspaces within AWS”.
At the time of reporting, some of the malfunctioning business, companies and computer app systems were beginning to return to normal service, including Sky News in the United Kingdom, which was down for an hour in the morning.
Services of South African lenders Capitec Bank CPIJ.J and Absa ABGJ.J and airline Airlink have also been fully restored after the outage.
The New York Stock Exchange and Nasdaq said markets also worked normally as of midday Friday.
Major US banks, including Bank of America and Goldman Sachs, also said they had not seen any major impact on their systems or operations.
Not a ‘malicious act’
Australia’s National Cyber Security Coordinator said on Friday that it was aware of a “large-scale technical outage” affecting numerous business and services across the country.
“Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies,” the agency said in a statement.
“There is no information to suggest it is a cyber security incident. We continue to engage across key stakeholders.”
France’s cybersecurity agency said Friday that there was no evidence that the global IT outage was “the result of a cyberattack.”
“The teams are fully mobilised to identify and support the affected entities in France and to understand… the origin of this outage,” ANSSI, the national cybersecurity agency said.
A UK government security source told the Reuters news agency that the outage was not being treated as “a malicious act”.