CrowdStrike backlash over $10 apology voucher
- Published
CrowdStrike is facing fresh backlash after giving staff and firms they work with a $10 UberEats voucher to say sorry for a global IT outage that caused chaos across airlines, banks and hospitals last week.
The cybersecurity company - whose software update on Friday affected 8.5 million computers worldwide - said in an email to its partners that it recognised the incident had caused extra work.
"To express our gratitude, your next cup of coffee or late night snack is on us!" CrowdStrike wrote, directing people to use a code to access the $10 credit.
But the gesture was greeted by derision by some. One Reddit user branded it an "absolute clown show" while another said: "I literally wanted to drive my car off a bridge this weekend and they bought me coffee. Nice."
One LinkedIn user, external claiming to be a CrowdStrike partner, said: "The gesture of a cup of coffee or Uber Eats credit as an apology doesn't seem to make up for the tens of thousands lost in man hours and customer trust due to the July 19 incident."
CrowdStrike confirmed to the BBC that it sent the vouchers to "teammates and partners" who had helped customers deal with the impact of the outage.
But some people who said they had received a voucher also took to social media to say it did not work.
"Uber flagged it as fraud because of high usage rates," CrowdStrike admitted.
It comes amid growing questions over what financial compensation CrowdStrike customers and people impacted by the outage will be able to claim.
The firm has pledged to improve its software tests after a faulty content update for Windows systems caused the mass IT outage.
Its mistake resulted in problems for banks, hospitals and airlines as millions of PCs displayed "blue screens of death".
In a detailed review of the incident published on Wednesday, external CrowdStrike said there was a "bug" in a system designed to ensure software updates work properly.
Crowdstrike said the glitch meant "problematic content data" in a file went undetected.
The company said it could prevent the incident from happening again with better software testing and checks, including more scrutiny from developers.
The faulty update crashed 8.5 million Microsoft Windows computers around the world and George Kurtz, Crowdstrike's boss, has apologised for the impact of the outage.
But cybersecurity experts told BBC News that the review revealed the firm made "major mistakes".
"What’s clear from the post mortem is they didn't seem to have the right guardrails in place to prevent this type of incident or to reduce the risk of it occurring," said cyber-security consultant Daniel Card.
His thoughts were echoed by cybersecurity researcher Kevin Beaumont, who said the key lesson from CrowdStrike's review was that the firm doesn't "test in waves".
"They just deploy to all customers at once in a so called 'rapid response update' which was obviously a huge mistake," he said.
But Sam Kirkman from cybersecurity firm NetSPI told the BBC the review showed CrowdStrike "took steps" to prevent the outages.
He said these steps "have likely been effective to prevent incidents on countless occasions prior to last week”.
Congress calls
According to insurance firm Parametrix, the top 500 US companies by revenue, excluding Microsoft, had faced some $5.4bn (£4.1bn) in financial losses from the outage.
It said that only $540m (£418m) to $1.08bn (£840m) of these losses were insured.
The US government has opened an investigation into Delta Airlines' handling of the outage after it continued to cancel hundreds of flights.
Delta chief executive Ed Bastian said in a letter to customers on Wednesday it expects the airline to make a full recovery on Thursday, external.
Crowdstrike is set to face further scrutiny - with Mr Kurtz called to testify in front of Congress about the outage.
"This incident must serve as a broader warning about the national security risks associated with network dependency," wrote the House Committee on Homeland Security in a letter to the company on Monday.
It gave CrowdStrike until Wednesday evening to schedule a hearing.
Additional reporting by Joe Tidy