A faulty software update causedtechnological havoc worldwideon Friday, grounding flights, knocking down some financial companies and news outlets, and disrupting hospitals, small businesses and government offices, including in Michigan.
The breadth of the outages highlightedthe fragility of a digitized worlddependent on a few providers for key computing services.
The trouble was sparked by an update issued by cybersecurity firm CrowdStrike and only affected its customers running Microsoft Windows, the world's most popular operating system for personal computers. It was not the result of hacking or a cyberattack, according to CrowdStrike, which apologized and said a fix was on the way.
Theglobal technology outageon Friday locally snarled flights at Detroit Metro Airport and affected some Metro Detroit hospitals and the state government, as well as phone lines and border crossings, among other things, officials said.
Detroit Metro Airport, MBS International Airport — which serves the Midland, Bay City and Saginaw areas — and Alpena Regional Airport all experienced "excessive" delays, according to FlightViewcom.
At one point late Friday morning, hundreds of flights departing and arriving at DTW were listed as delayed. It said more than 20% of departures from the airport and about 35% of arrivals were on time. However, more than 60% of both departures and arrivals were very late. Dozens of flights were also canceled, according to FlightView.
"Operations are returning to normal at DTW," Randy Wimbley, a DTW representative, said in an email. "However, only the airlines can say when the issue will be completely resolved. That’s why it’s important customers check their flight status with their airline before heading to the airport."
The Federal Aviation Administration said on X that it was "closely monitoring a technical issue impacting IT systems at U.S. airlines."
More:Michigan's state, county governments, some colleges hit by outage
Travelers inconvenienced
Thousands of flights were canceled and tens of thousands were delayed, leading to long lines at airports in the U.S., Europe, Asia and Latin America. Airlines lost access to check-in and booking services in the heart of the summer travel season. By late afternoon Eastern time, the worst appeared to be over, though there were still lingering cancellations and delays due to the cascading effect of the disruption.
For most of the morning, hundreds of travelers crammed into Evans Terminal at Detroit Metro Airport in Romulus, where airline representatives gave the same answer at every counter: This will take a while. Crowds began to ebb around 1 p.m., though many among the waves of travelers arriving at the terminal expressed dismay at prevailing long lines.
The Evans Terminal remained most congested at Spirit Airlines counters. Several travelers settled down nearby on benches, windowsills, stairs and parts of the floor as they continued to wait for news of their flights.
Gabriel Salcedo, of Bogotá, Colombia, had been waiting in the terminal since 2 a.m. on Friday, he said. The 70-year-old traveler had been visiting family in Detroit and arrived on time for his 5 a.m. flight, only to be stranded at the luggage check-in when it took off without him, he said.
“I wanted to return to Colombia today, but that was just a hope,” Salcedo said.
Lindsey Svarek of Detroit arrived at the Evans Terminal to find a line more than three-quarters of the length of the departures lane.
“I think I might miss my flight,” the 25-year-old traveling to Minneapolis said. “Probably just not going to make it there. I might end up having to drive; it’ll be quicker.”
Amelia Ren, 23, said she had been wandering around the Evans Terminal for six hours as of 10:50 a.m. Friday.
The Farmington Hills traveler had planned to fly into Los Angeles for a sightseeing visit to the West Coast, she said.
Ren said she didn’t know if she would be able to make it on time to a Los Angeles dance class she’d signed up for. All her reservations and tickets to Joshua Tree National Park were non-refundable, adding insult to injury, she said.
“It’s terrible,” Ren said. “Just terrible.”
Camila Polanco said she had nearly reached her wit’s end as of 11 a.m. Friday, more than 24 hours later since she had first arrived at the airport. The 18-year-old traveler from Detroit arrived to DTW at 8 a.m. on Thursday, only to have her flight delayed three times and canceled twice, she said.
Friday’s international outage only exacerbated the delays, forcing her to stay put on the same Evans Terminal bench where she slept overnight, Polanco said.
Her latest flight was canceled at 1 a.m. Friday. Polanco had no updates by late morning, one hour away from the start of her aunt’s noon wedding ceremony in Tampa, Florida she had been traveling to attend.
She said all of her family had already arrived in Tampa ahead of her, leaving her to figure out another flight on her own.“I’ve cried like three times,” she said.
A loudspeaker announcer around noon informed travelers that Spirit Airlines had canceled two flights to Tampa.
"Go home and try again tomorrow," the announcer said.
Hospitals, companies hit
American Express said it temporarily had some difficulties processing transactions, while TD Bank responded to online complaints by saying it was working to restore customers’ ability to access their accounts. In New York City's Times Square, right before 12:30 a.m., the blue “recovery” screens popping up on laptops appeared on several giant electronic billboards. A few were dark Friday afternoon.
Reached Friday, Comerica Bank officials told The Detroit News: “While we were impacted by the event, our recovery actions overnight mitigated the impact to our customers. Currently, all critical systems are healthy.”
Affected hospitals nationwide had problems with appointment systems, forcing them to suspend patient visits and cancel some surgeries. The reports in Michigan were less severe.
"Our hospitals and emergency rooms are open. Some procedures and appointments might be delayed," Corewell Health officials in Michigan said in a statement. "Please visit CorewellHealth.org for the latest updates."
Detroit-based Henry Ford Health was also affected.
"Like so many, we are experiencing some disruptions due to a global technology outage," a spokesperson said. "Our team continues to work diligently to restore all of our systems. We are able to continue to care for our patients."
Michigan Medicine experienced technical issues in some areas and spokeswoman Mary Masson said there may be delays in trying to connect with services.
"However, our operations are continuing, and we are not canceling procedures or appointments at this time," Masson said. "All of our resources are fully dedicated to restoring full functionality as quickly as possible."
The Detroit Medical Center's information technology division reported the hospital system has not been hit with computer problems, DMC spokeswoman Tammy Battaglia said in a Friday email.
Border crossings impacted
Meanwhile, Windsor Police officials said the outage initially delayed traffic at both the Detroit-Windsor Tunnel and the Ambassador Bridge, where a long line of cars from Canada was visible throughout the morning.
Both the Ambassador Bridge and Detroit/Windsor tunnel reported sporadic delays throughout the day, but beyond Friday morning, there were no major wait times being reported by both U.S., Canadian government officials as well as a private U.S. website that monitors border crossings.
“Presently, there are and were no significant border wait times reported,” said Jacqueline Roby, a spokeswoman for the Canada Border Services Agency.
Anthony Bucci, a spokesman for U.S. Customs and Border Patrol, said the agency was experiencing "processing delays" due to the outage.
"While ensuring national and homeland security, we are working to mitigate impacts to our operations and are proactively working with our stakeholders to minimize the impact to international trade and travel," said Bucci in a statement. "During this time, travelers at air and land ports of entry may experience longer than normal wait times."
The Canada Border Services Agency, meanwhile, experienced a partial systems outage of its telephone reporting system that had been resolved by mid-day Friday, Roby said.
The telephone reporting “is a system primarily used by small aircraft passengers and boaters,” said Roby in a Friday email.
“The CBSA worked urgently with its partners and service providers to mitigate any disruptions and restore full service as quickly as possible," Roby said. "We are continuing to monitor further potential impacts. No CBSA systems are affected at this time."
A disturbing reminder of vulnerability
While the global outage was not a cyberattack but rather a massive system error, the widespread impact will lead to many questions about the vulnerabilities of many vital systems, said Thomas Holt, a Michigan State University professor who researches computer hacking, malware and other computer security issues.
“We should treat this seriously as a concern because there are so many different entities that are in networks and that are constantly updating and patching and things,” Holt said. “So what should we be thinking about in terms of overall structural vulnerabilities? Not as an external attacker, but the internal. How do we — if we can't fix this problem — at least how do we triage it?”
Because CrowdStrike was attempting access to update a software issue, it doesn’t raise flags that there was a backup or redundancy system in place, Holt said.
“There's not a way to necessarily backup or introduce redundancies because the code itself being updated didn't work for some reason with the Microsoft software that was in place," he said.
Cyber expert James Bore said real harm would be caused. “All of these systems are running the same software," Bore said. "We’ve made all of these tools so widespread that when things inevitably go wrong — and they will, as we’ve seen — they go wrong at a huge scale."
CrowdStrike said in a recording on its customer service line that the problem was related to “the Falcon sensor,” referring to one of its products used to block online attacks. The company says it has 29,000 customers.
In an interview on NBC’s “Today Show,” CrowdStrike CEO George Kurtz apologized, saying the company was “deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our companies.”
“We know what the issue is” and are working to fix it, Kurtz said. However, he noted it could take “some time" for certain customers, especially those lacking in-house expertise.
While CrowdStrike’s update was automated, the fix requires hands-on work such as deleting corrupted files, which could take some customers days or longer, said Forrester analyst Allie Mellen.
“Given that CrowdStrike has a ton of customers, a ton of Fortune 500 customers, and they have likely millions of (computers) under management, this causes a bigger issue,” Mellen said. “It is going to be a long and arduous process.”
In Alaska, the state's court system returned to functionality after repairs that took 12 hours to complete, according to spokesperson Rebecca Kofort. In Iowa, Gov. Kim Reynolds said the state's critical technology systems were up and running again by mid-afternoon.
Shares of CrowdStrike, which is based in Austin, Texas, ended Friday trading down more than 11%. Microsoft's stock price fell less than 1%.
Though the outage's impact could be felt far and wide, the forecasting firm Capital Economics said it was likely to have little impact on the world economy.
Cybersecurity experts said those affected by the outage also needed to be wary of bad actors reaching out claiming they can help. “Attackers will definitely prey on organizations as a result of this,” said Gartner analyst Eric Grenier.
In aletter to customersposted on CrowdStrike's website, Kurtz said the outage did not affect its Falcon systems or its security scanning.
Staff Writers Hannah Mackay and Louis Aguilar and the Associated Press contributed.