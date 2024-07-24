CrowdStrike's Outage Cost Billions And Its Reported Apology Only Makes Things Worse
Less than a week ago, a faulty update by cybersecurity firm CrowdStrike took down over 8.5 million computers across the globe. The outage hobbled industries ranging from aviation and healthcare to emergency 911 helplines and even food giants like McDonald's. To make matters worse, the initial apology offered by the company's CEO was widely lambasted as tone-deaf. Well, CrowdStrike, a name familiar to even racing fans, seems to be upping the ante once again, but in an undesirable fashion, that is.
Multiple customers have shared details of an email sent by CrowdStrike, offering them a $10 gift card they can redeem with Uber Eats, as a token of apology. "To express our gratitude, your next cup of coffee or late night snack is on us," reads the email, a copy of which was seen by TechCrunch. Interestingly, the voucher doesn't seem to be working for some of the users who got the email, but it's unclear if that's due to an issue with Uber Eats or whether CrowdStrike nuked it.
A friend received it and then said they revoked it
Which sounds about right haha
— Mark Le Dain (@mark_ledain) July 24, 2024
As per a lengthy Reddit thread where CrowdStrike customers across the North American and European markets have been discussing the voucher, it seems the code is no longer functional. One hypothesis floating around in the community is that CrowdStrike may have only allocated a small sum for the tokens, and as soon as the limit was breached, the rest of the $10 vouchers became useless.
Fat damage, slim recovery
The service disruptions caused by the CrowdStrike flub, which prompted Microsoft to release emergency recovery tools of its own, dealt quite some damage. According to Parametrix, American Fortune 500 companies are staring at a loss to the tune of $5.4 billion. Of that sum, roughly $540 million to $1.08 billion are covered by insurance losses, the company said in a statement shared with Reuters. The company further labeled the outage as "the biggest accumulation event we ever saw in cyber insurance."
Globally, however, the net losses incurred by companies could be touching the $15 billion figure. But keep in mind that this is not a hard quantification, and it's unlikely that we will ever know the full extent of the damage, including the damage dealt to direct individual customers of companies that were hit by the service disruption. However, it seems recovery may not be straightforward in CrowdStrike's case.
According to an expert-backed analysis by Business Insider India, the cybersecurity company will only have to issue refunds in the worst-case scenario. It may be possible that larger clients had a different arrangement with CrowdStrike regarding such events, but details of such liability and recovery terms are not public knowledge.
But the heat will linger, it seems. U.S. House leaders, including Rep. Mark E. Green of Tennessee and Rep. Andrew R. Garbarino of New York, recently sent a letter to CrowwdStrike CEO George Kurtz, asking him to testify before Congress regarding the massive outage.