'Completely unprecedented' outage causes havoc with IT systems across globe — as it happened (2024)

• Reports of the outage in Australia began flooding in about 3pm AEST
  
• Outages hit banks and payment systems, forcing some supermarkets and petrol stations to close
• Airport check-in systems have been disrupted and businesses have reported the "blue screen of death" and IT outages
• The Australian government says the outages are not the result of a cybersecurity incident but has been caused by a CrowdStrike update
• CrowdStrike's CEO says a defect in a recent update for Windows hosts has been identified and a fix has been deployed but some systems could be down for 'some time'
• Microsoft says apps and services are still experiencing residual impacts
• The prime minister says there has been no impact to critical infrastructure in Australia, such as triple-0 services and core emergency services
• Outages continue to impact health services and air travel around the world

That is all for our blog on the major outage that has impacted systems worldwide today.

We will continue to cover the ongoing impact of the CrowdStrike defect on the ABC News website.

In the US, airlines are working to restore systems and resume flights.

More than 1,000 flights had been cancelled and 2,000 delayed by 8:30am Friday morning (US eastern time), according to the FlightAware tracking website.

Still plenty of blue screens at Chicago's O'Hare Airport.

Kurtz told Today that the impact of the outage could be felt for 'some time' due to the systems of some of the company's customers still experiencing issues.

"Many of the customers are rebooting the system, and its coming up and it'll be operational because we fixed it on our end," Mr Kurtz said.

"And some of the systems that aren't recovering we're working with them. So it could be some time for some systems that just automatically won’t recover."

Kurtz told Today a "bug" in the CrowdStrike update caused the issue with the Microsoft operating system.

"This system was sent an update and that update had a software bug in it and it caused an issue with the Microsoft operating system," he said.

"We identified this very quickly and remediated the issue, and as systems come back online, as they're rebooted, they're coming up and they're working and now we are working with each and every customer to make sure we can bring them back online.

"But that was the extent of the issue in terms of a bug that was related to our update."

CrowdStrike CEO George Kurtz has appeared on US television network NBC, telling viewers the company was sorry for the impact of the defect on people around the world.

"I want to start with saying we're deeply sorry for the impact that we've caused to customers, to travellers, to anyone affected by this including our company," he told NBC's Today show.

The UK's National Health Service (NHS) says the outage is causing problems at most doctors' offices across England.

NHS England said in a statement that the glitch was hitting the appointment and patient record system used across the health service.

The NHS said the issue was affecting the majority of family doctors' practices, but was not hitting the 999 number used to call for emergency ambulances.

The regulatory service at the London Stock Exchange has also stopped working but the outage has not affected trading.

Reuters

The Paris Olympics' organising committee says its IT operations have been impacted by the global cyber outage, just a week before the Games are set to begin.

"We have activated contingency plans in order to continue operations," the organising committee said in a statement.

The organisers said the outages had impacted the arrival of some delegations. But they said impact was limited and the outages had not affected ticketing or the torch relay.

Reporting with Reuters and AP

Microsoft says while the underlying cause for the outages has been fixed, a "residual impact" is continuing to affect some Microsoft 365 apps and services.

"We're conducting additional mitigations to provide relief", the company Tweeted.

We've been bringing you images of the long lines at Australian airports following the computing outage today.

Similar images have been seen all around the world as travel ground to a virtual halt in many countries.

The US's Federal Aviation Administration says United, American, Delta and Allegiant airlines have all been grounded by the outage.

As we mentioned earlier, airlines and railways have been affected in the UK and Germany, as well as other parts of Europe.

In India, Hong Kong and Thailand, many airlines were forced to manually check in passengers, while an airline in Kenya was also reporting disruptions.

ABC local radio presenter Andre Leslie was in Kuala Lumpur today, and took images of long lines at the airport with AirAsia's self-service kiosks shut down.

V/Line, the operator of regional rail and coach services in Victoria, has released a statement indicating customers can expect delays of up to 120 minutes as the company works to restore services.

Trains on the V/Line network were stopped at approximately 4.35pm due to a radio system fault linked to a widespread computing outage. Trains resumed about an hour later but significant delays are expected on all lines for a number of hours.

Coaches are in place at major train stations on the network.

For more information visit the V/Line website or call 1800 800 007.

Loading...

Here is associate professor at RMIT's School of Engineering Dr Mark A Gregory speaking on ABC News about the CrowdStrike outage and the need for the government to call an inquiry.

Dr Gregory says questions needed to be answered about compensation for the national outage as well as what penalties the company should face.

He said Australia was quite lax when it came to regulating foreign multinational companies like CrowdStrike.

"We don't appear to have the legislation and regulation to hold them to account to ensure that they follow good engineering practice, and that definitely has not happened in this case, as an inquiry should find," Dr Gregory said.

He attributed the outage to "bad governance" at CrowdStrike.

"There should have been no roll-out to an entire country or to the entire world without testing within CrowdStrike, and also testing on, for example, a company that has agreed to be a test site for that software," he told News Channel.

"The idea that this update has been rolled out globally and has caused this sort of problem is unthinkable."

He said after a number of cybersecurity incidents in recent years, such as the 2023 Optus outage, Australia needed to consider stronger legislation and regulation "to ensure this type of event does not happen again".

"In every circ*mstance to date, Australia and our legislation and regulations have been found wanting," he said.

with Alicia Perera

Loading...

Dr Mark Gregory, a network engineering expert at RMIT University, says he expects the problems to be largely resolved by tomorrow morning.

"Software like CrowdStrike's Falcon platform are typically rolled out from a central part of an organisation," Dr Gregory said.

"They have IT support teams … they should be able to quite quickly apply the patch.

"As we've heard, a problem exists if a computer has been turned off after the blue screen occurred, the computer will need to be turned back on so the patch can be applied.

"But generally, I would expect this type of problem should be resolved by tomorrow morning.

"IT teams are going to be working late tonight because they'll need to apply the patch, then there'll be a lot of testing.

"I would expect by about midday tomorrow things should be pretty well back to normal."

Earlier we posted the Tweet from CrowdStrike's CEO regarding the cause of the worldwide computing outages. Here is the statement from the company again in full:

"CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted.

"This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.

"We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

"We further recommend organizations ensure they're communicating with CrowdStrike representatives through official channels.

"Our team is fully mobilized to ensure the security and stability of CrowdStrike customers."

Business owner Danielle Hempseed said Fridays are always a busy day in her Rockhampton florist and gift shop, making the outage "frustrating".

"Having point of sales down, eftpos down, and emails down, it makes it really hard for us to operate," she said.

Ms Hempseed said the business has been experiencing dodgy reception recently, so they already had alternative payment options in place for when disaster struck, such as offering direct bank account transfers or processing the payment at a later time.

"We just have to trust [our customers] a little bit more," she said.

"We have always taken cash, that has never been an issue for us."

She said this is a reminder of how dependent her business is on technology.

Reporting by Scout Wallen

Victorian fire services are aware that some residential and business buildings that have monitored fire alarms may not automatically call the fire brigade due to current computing outages.

Victorians have been asked to call 000 if their building fire alarm is activated, or if they see flames or smoke, while the issue is being investigated by alarm companies.

Loading...

Michelle Rimmer from the ABC's London bureau says the outage is having widespread impacts globally on industries ranging from transport to infrastructure and even healthcare.

"Across Europe, at airports in Spain, in Germany, there have been incidents that have been reported at almost all of the airports. They've had to revert to manual operations just to try and keep things running at this stage," she told News Channel.

"The German government has said that critical infrastructure and operators have been impacted.

"The Paris Olympic Committee have released a statement saying that they've been affected as well, however, they have contingencies in place to make sure that they can continue with their planning and preparations ahead of the opening ceremony in just one week's time.

"Poland has said that its main shipping container terminal is struggling to keep up with any incoming ship loads — it's asked to not have any more containers dropped off.

"So we're really seeing broad impacts across a range of industries across Europe."

She says the outage is even leading to healthcare delays in the UK, where hospitals and GP surgeries are currently "only able to treat some of the most urgent cases".

"That's because they can't access medical records," she says.

"So they're reverting back to pen and paper to make sure that the most urgent emergency cases are still being seen, but others have been delayed."

Quite a few people in our comments have mentioned the outage has shades of "Y2K".

For those of our readers too young to remember, that was when — in the year 1999 — there were widespread fears of a technological catastrophe because old computers formatted the date with just the final two digits of the year, rather than the full four-digit year.

There were worries this glitch would turn into a full-scale meltdown as the clock ticked over into the year 2000.

Companies rushed to make sure their systems were "Y2K compliant".

Thankfully the problems reported on January 1, 2000 were pretty minor.

But this was in a time when cash was still in widespread use, before "tapping" was the preferred currency.

David Cullen from CISO Lens, the body that represents cybersecurity professionals in Australia and New Zealand, says CrowdStrike's software is "heavily entrenched" in global IT supply chains, so the issue doesn't just affect its customers, but its customers' customers and so on.

"This is a classic case of what happens when one supplier catches a cold, and the rest of us end up with the flu," he says.

"Resolving this issue will take some time. It won't be as simple as turn it off and turn it on again."

"When the dust settles, I hope that governments take the opportunity to partner with industry to capture lessons learned from this incident, to understand how we can better prepare ourselves for future major incidents and IT outages.

"While this wasn't a cyber attack, the impacts are the same."