On July 19, a routine software update by US cybersecurity firm CrowdStrike triggered a global IT outage, causing millions of Windows computers to crash and disabling business systems reliant on the operating system. This unexpected incident threw airports, supermarkets, and newsrooms into disarray.
CrowdStrike, known for its ransomware, malware, and internet security products, released an update to its Falcon sensor program early on July 19. The update, intended to enhance security, caused a logic error that crashed Windows systems worldwide. Users with Falcon on Windows version 7.11 or above were affected, with many devices entering a reboot loop. Despite CrowdStrike’s swift response, some users continued to experience issues, and the company is still conducting a root cause analysis to understand the problem fully.
Interestingly, China largely escaped the widespread chaos, with reports of outages in the country mostly limited to foreign firms. CrowdStrike’s minimal presence in the country played a key role, stemming from China’s preference for services provided by domestic tech giants like Alibaba, Tencent, and Huawei over foreign companies like Microsoft.
Over the years, China has been replacing foreign IT systems with local alternatives, creating what some call a “splinternet.” This strategy insulates China’s essential services from global disruptions. Beijing views reducing reliance on foreign tech as crucial for national security, a sentiment mirrored in actions taken by the US and Europe against companies like Huawei and TikTok. The US has restricted sales of advanced semiconductor technology to China and limited American investments in Chinese tech, citing national security.
The incident had a significant impact on CrowdStrike’s stock price. After closing at USD 343.05 on July 18, the stock opened much lower at USD 294.51 post-incident, inching up to USD 304.96 by day’s end. As of July 22, the price has further retreated to USD 263.91, erasing most of the gains achieved this year—a level not seen since early January.
As CrowdStrike works to resolve the fallout, this incident highlights the often overlooked need for robust testing and contingency planning in technology, exposing vulnerabilities in global tech dependencies and cybersecurity resilience.