CrowdStrike's Outage Cost Billions And Its Reported Apology Only Makes Things Worse

Less than a week ago, a faulty update by cybersecurity firm CrowdStrike took down over 8.5 million computers across the globe. The outage hobbled industries ranging from aviation and healthcare to emergency 911 helplines and even food giants like McDonald's. To make matters worse, the initial apology offered by the company's CEO was widely lambasted as tone-deaf. Following that is a rumor claiming CrowdStrike, a name familiar to even racing fans, sent its customers gift cards to make amends — something the company says isn't true.

The rumor is based on details from an email sent by CrowdStrike to certain individuals, offering them a $10 Uber Eats gift card as what some people interpreted to be a token of apology. "To express our gratitude, your next cup of coffee or late night snack is on us," reads the email, a copy of which was seen by TechCrunch. In a lengthy Reddit thread discussing the voucher, some recipients said they were unable to redeem the gift cards, fueling additional speculation.

A friend received it and then said they revoked it

Which sounds about right haha

— Mark Le Dain (@mark_ledain) July 24, 2024

A CrowdStrike spokesperson provided SlashGear with a statement clarifying the matter, explaining that the gift cards weren't an apology to its customers or clients, but rather a way to support its "teammates and partners who have been helping customers through this situation." The company also shed light on why some recipients were unable to redeem the gift cards: "Uber flagged it as fraud because of high usage rates."

The service disruptions caused by the CrowdStrike flub, which prompted Microsoft to release emergency recovery tools of its own, dealt quite some damage. According to Parametrix, American Fortune 500 companies are staring at a loss to the tune of $5.4 billion. Of that sum, roughly $540 million to $1.08 billion are covered by insurance losses, the company said in a statement shared with Reuters. The company further labeled the outage as "the biggest accumulation event we ever saw in cyber insurance."

Globally, however, the net losses incurred by companies could be touching the $15 billion figure. But keep in mind that this is not a hard quantification, and it's unlikely that we will ever know the full extent of the damage, including the damage dealt to direct individual customers of companies that were hit by the service disruption. However, it seems recovery may not be straightforward in CrowdStrike's case.

According to an expert-backed analysis by Business Insider India, the cybersecurity company will only have to issue refunds in the worst-case scenario. It may be possible that larger clients had a different arrangement with CrowdStrike regarding such events, but details of such liability and recovery terms are not public knowledge. But the heat will linger, it seems. U.S. House leaders, including Rep. Mark E. Green of Tennessee and Rep. Andrew R. Garbarino of New York, recently sent a letter to CrowwdStrike CEO George Kurtz, asking him to testify before Congress regarding the massive outage.