London24NEWS

Airlines DON’T should pay for disruption attributable to IT outage

Airlines are unlikely to have to pay out compensation for cancelled and delayed flights caused by the CrowdStrike outage that crippled 8.5million Windows computers across the world.

The Civil Aviation Authority (CAA), the UK’s air passenger watchdog, wrote to airlines on Friday to say that it believed the global IT meltdown was likely to be viewed as ‘extraordinary circumstances’ exempt from standard refund policies.

However, it has warned flight operators to expect potential legal action from passengers or groups representing travellers if they try to claim compensation directly, only to be denied it because of the new guidance.

Passengers would not, however, be denied the reimbursement of expenses such as unexpected hotel and food costs related to the delay – but they would be unable to claim further compensation under standard EU rules. 

Airlines could, in theory, claim some damages back from CrowdStrike, the Texas-based cybersecurity firm responsible for the botched update that took down millions of computers on Friday – and may have negotiated terms with the company.

Have YOU been affected by the outage? Email [email protected] 

Huge queues of holidaymakers at London Gatwick Airport following the global IT outage caused by CrowdStrike software

Huge queues of holidaymakers at London Gatwick Airport following the global IT outage caused by CrowdStrike software

Passengers at Stansted Airport are left in chaos and without flight information following the worldwide IT failure

Passengers at Stansted Airport are left in chaos and without flight information following the worldwide IT failure 

Millions of users and businesses worldwide were faced with the 'blue screen of death' on Friday as systems were crippled by the outage

Millions of users and businesses worldwide were faced with the ‘blue screen of death’ on Friday as systems were crippled by the outage

Railway services still faced disruption in the UK on Saturday. Pictured: A South Western Railway ticket machine put out of action due to the outage

Railway services still faced disruption in the UK on Saturday. Pictured: A South Western Railway ticket machine put out of action due to the outage

Sky News temporarily went off air on Friday morning due to the outage, with viewers faced with this message apologising for 'the interruption to this broadcast'

Sky News temporarily went off air on Friday morning due to the outage, with viewers faced with this message apologising for ‘the interruption to this broadcast’

Microsoft said that it estimated 8.5million Windows devices had been affected by the outage (file photo)

Microsoft said that it estimated 8.5million Windows devices had been affected by the outage (file photo)

The CAA’s guidance puts Friday’s IT crisis into the same category of uncontrollable events such as terrorism, sabotage and disruption caused by unruly passengers, for which operators are not deemed to be responsible. 

But Paul Charles, chief executive of travel consultancy the PC Agency, told The Sunday Times of the CAA statement: ‘This outage caused untold financial and emo- tional stress to thousands of people in the UK. 

‘If the regulator can’t protect passengers in this case and agree compensation for ruined holidays, what is it truly for?’

Contract lawyers who have examined CrowdStrike’s boilerplate terms and conditions believe that airlines and other companies using its Falcon endpoint security software – responsible for the global crash – may be limited in the compensation they claim.

Flights were grounded, GP surgeries disrupted and news channels taken off air on Friday after a faulty software update by the cybersecurity company caused blue screens to appear on computers across the globe. 

But Elizabeth Burgin Waller, a cybersecurity lawyer with US firm Woods Rogers, told Business Insider the company’s standard terms limit liability to ‘fees paid’ – meaning many firms may only be able to get a refund of the money they’ve paid to the firm.

‘Even if they did cover that lost revenue or downtime, they limit the recovery against CrowdStrike to fees paid,’ she said.

While the issue of the Falcon content update has now been fixed, the impact was still being felt in the UK on Saturday, with thousands of passengers still left stranded as a result of the major outage.

In a statement this afternoon, Microsoft said it estimated the error had affected at least 8.5million machines or one per cent of Windows computers worldwide.

But the tech giant acknowledged the ‘broad economic and societal’ impact of the outage, worsened by the number of enterprises running critical services and infrastructure which rely on CrowdStrike.

Microsoft insisted that while software updates can cause disturbances, major crashes on this scale are ‘infrequent’.

In a statement issue on Saturday, Microsoft said: ‘We recognise the disruption this problem has caused for businesses and in the daily routines of many individuals. 

‘Our focus is providing customers with technical guidance and support to safely bring disrupted systems back online.

‘We’re working around the clock and providing ongoing updates and support. 

‘Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update.’

A large blue screen is shown at Madrid Barajas airport in Spain, as the major IT outage saw flights thrown into chaos worldwide

A large blue screen is shown at Madrid Barajas airport in Spain, as the major IT outage saw flights thrown into chaos worldwide

Passengers face huge queues at Madrid's Barajas airport as the global outage disrupted check in systems in the terminal

Passengers face huge queues at Madrid’s Barajas airport as the global outage disrupted check in systems in the terminal

Some Waitrose stores were forced to revert to cash only operations as cashless services on self checkouts were disabled by the crash

Some Waitrose stores were forced to revert to cash only operations as cashless services on self checkouts were disabled by the crash

A ticket machine at King's Cross Station in central London that was left out of service following the huge IT outage

A ticket machine at King’s Cross Station in central London that was left out of service following the huge IT outage 

NHS services relying on online-stored patient data including GP surgeries and prescriptions were also affected by the IT outage

NHS services relying on online-stored patient data including GP surgeries and prescriptions were also affected by the IT outage

In a statement, CrowdStrike said it was 'working with all impacted customers' to get systems up and running again

In a statement, CrowdStrike said it was ‘working with all impacted customers’ to get systems up and running again

What has been dubbed the worst IT outage the world has ever seen also affected shops, banks and even football teams, which were left unable to sell tickets online.

GP appointments were disrupted because of a failure in EMIS, the NHS England system used by surgeries and pharmacies to look up patient records, while some payroll systems using CrowdStrike may have been unable to process salaries.

On Friday, UK Government officials convened an emergency COBRA meeting amid the crisis, after major disruption was reported at several major travel hubs.

Heathrow, Gatwick and Edinburgh airports all suffered disruption in what was estimated to be the busiest day for air travel since before the Covid pandemic as families hoped to jet off on well-earned holidays.

Instead many spent the night on the floor of airport concourses as flights were grounded and airports were left with no option but to revert to manual check in procedures and paper tickets.

Other major international airports worldwide, including Amsterdam Schiphol and Dubai International, were thrown into chaos as departure screens switched off. 

The outage, which has also been branded a ‘digital pandemic’, has reignited a debate over the increasing reliance on cashless transactions.

Several major UK supermarkets including Waitrose were forced to resort to ‘cash-only’ operations in some stores, as self checkout systems went down.

Other stores, including Gail’s, Morrison’s and B&Q were unable to process contactless payments on Friday.

One of the country’s largest broadcasters, Sky News, went off air on Friday morning, leaving viewers faced with a message apologising for an interruption in transmission.

CBBC was also taken off air following the outage, with TV viewers informed ‘something’s gone wrong’.

In sport, Manchester United warned that fans would experience delays getting matchday tickets after the failure affected its systems, while the Mercedes F1 team said it was working to rectify issues ahead of the Hungarian Grand Prix.

BBC channel CBBC was taken off air due to the IT failure, as TV viewers were told 'something's gone wrong'

BBC channel CBBC was taken off air due to the IT failure, as TV viewers were told ‘something’s gone wrong’

Departure screens show dozens of delayed flights at New York's Newark Liberty airport

Departure screens show dozens of delayed flights at New York’s Newark Liberty airport

Huge crowds at Singapore's Changi airport as communications are crippled due to the IT outage

Huge crowds at Singapore’s Changi airport as communications are crippled due to the IT outage

Passengers left on the floor at Gatwick airport as several flights are either delayed or cancelled

Passengers left on the floor at Gatwick airport as several flights are either delayed or cancelled

Technology experts have compared the scale of the disruption to the that expected from Y2K or the ‘Millennium Bug’ – a computer programming shortcut that was forecast to cause chaos at the turn of the millennium in 2000 but never materialised.  

‘This is basically what we were all worried about with Y2K, except it’s actually happened this time’, security consultant Troy Hunt wrote on X.

Cyber security company CrowdStrike has admitted to being responsible for the error that hit Microsoft 365 apps and operating systems and said a ‘fix has been deployed’. 

The American firm said it was caused by a ‘defect found in a single content update’ and insisted the issue ‘was not a security incident or cyberattack’. 

In a statement the company said: ‘We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.’