One bad update. 8.5 million machines. $5.4 billion.

A single flawed content update from CrowdStrike crashed millions of Windows machines worldwide in what Microsoft and outside researchers have called the largest IT outage in history — grounding flights, closing hospitals, and knocking broadcasters off air.

CrowdStrike outage cost largest IT outage in history CrowdStrike Delta lawsuit global IT outage 2024
Scroll for the timeline
8.5M Windows devices crashed (Microsoft estimate)
$5.4B Estimated direct loss, US Fortune 500 (Parametrix)

What happened, in one table.

Sources are linked inline; figures are the most recent public estimates as of this page's last update.

Date July 19, 2024.
What broke A routine content update to CrowdStrike's Falcon sensor, used by endpoint-security teams worldwide, contained a defect that made Windows machines crash into the "blue screen of death" on startup — not a cyberattack, a bad update to security software itself.
Scale Roughly 8.5 million Windows devices were affected, according to Microsoft's own estimate — under 1% of all Windows machines, but concentrated in the enterprise fleets that run airlines, hospitals, and banks.
Recovery CrowdStrike identified and reverted the faulty update within roughly 80 minutes, but that fix couldn't reach machines that had already crashed — each one needed manual intervention (booting into Safe Mode and removing the bad file) to recover, which is why the outage's effects lasted days, not minutes.
Reported cost Parametrix, an insurance analytics firm, estimated $5.4 billion in direct financial loss to US Fortune 500 companies (excluding Microsoft), with likely insured losses of only $540M–$1.08B given typical policy limits. Delta Air Lines alone reported roughly $500 million in total cost, later refined in an SEC filing to about $380 million in direct revenue impact plus roughly $170 million in additional costs.

The fix was fast. The recovery wasn't.

This incident is a textbook case of MTTR being dominated by the recovery step, not the diagnosis step.

01

A trusted update, not an attack

The software responsible for stopping breaches was the cause of the outage — a reminder that security tooling with kernel-level access is also a single point of failure, and update pipelines deserve the same staged-rollout discipline as any other production change.

02

The fix couldn't be pushed remotely

Because affected machines couldn't boot, IT teams had to physically or manually touch each device — the single factor that turned an 80-minute defect into a multi-day recovery for large fleets, especially ones with encrypted drives requiring recovery keys.

03

Concentration risk compounds cost

Airlines suffered the highest per-company loss of any sector in Parametrix's estimate, not because they had more machines, but because a grounded flight cascades into crew scheduling and passenger rebooking costs for days — the same cascading-delay dynamic modeled on the airline calculator.

CrowdStrike outage, answered.

Questions that come up when citing this incident in a resilience or vendor-risk conversation.

Was this a cyberattack? No — CrowdStrike and outside investigators attributed it to a defect in a routine content update, not malicious activity.
Did Delta sue CrowdStrike? Yes — Delta pursued civil action against CrowdStrike in the months following the outage, arguing the airline's costs and disruption were disproportionate to other carriers' recovery times.
Why did Delta's costs exceed other airlines'? Delta's crew-scheduling systems were especially exposed, extending its recovery well past the initial fix — an example of how MTTR for the underlying software issue and MTTR for full operational recovery can diverge sharply.
How would this map to the calculator? Model the technical outage on the IT downtime calculator and the cascading operational impact on the airline industry calculator — together they approximate why the same incident cost so much more for an airline than a typical enterprise.

What would a vendor-caused outage cost your fleet?

Model your own device count, recovery time, and business impact using the same formula.

Mode

Accent