On 19 July 2024, a faulty software update from the cybersecurity company CrowdStrike caused millions of Windows computers to crash simultaneously around the world. The failure brought airlines, banks, hospitals, and broadcasters to a standstill, and led to the cancellation of more than 5,000 flights globally in a single day.
What happened
CrowdStrike is a cybersecurity company whose software is used by many large organisations to protect their computer systems. On the morning of 19 July, the company released a routine update to its Falcon security software. The update contained a fault that caused Windows computers to crash and display the “blue screen of death” — an error screen that forces the computer to restart. Because many airlines and airports use the same security software, the failure hit aviation systems around the world at almost the same time.
Airports in the United States, Europe, Australia, and Asia were affected. Airlines lost access to booking systems, check-in platforms, and crew-scheduling tools. American Airlines, United Airlines, and Delta Air Lines all issued ground stops — temporary halts to all departures — shortly after the outage began. In total, more than 2,300 flights were cancelled on 19 July alone, with a further 6,500 delayed.
Delta Air Lines was hit far harder than its competitors. While most airlines restored normal operations within hours, Delta’s systems took five days to recover fully. The airline cancelled approximately 7,000 flights over that period, affecting around 1.3 million passengers. Delta’s particular setup meant that restoring its systems was significantly more complex than for other carriers.
Why it matters
The CrowdStrike outage showed how much the aviation industry now depends on digital infrastructure. A single software update — not a weather event, a cyber attack, or equipment failure — was enough to ground thousands of aircraft worldwide. It also demonstrated the risk of many airlines relying on the same supplier: when one piece of software fails, the disruption can be immediate and industry-wide.
For passengers, the event highlighted the difficulty of getting help when an airline’s own systems go down. Long queues, a lack of information, and overwhelmed customer service teams left many travellers stranded for days with little support.
What comes next
The US Department of Transportation opened an investigation into how Delta handled stranded passengers during the disruption. Delta also announced plans to pursue legal action against CrowdStrike, with the airline estimating its losses at around $500 million. The incident prompted airlines and airport operators to review their IT resilience plans and their dependence on single software vendors. Regulators began asking whether the aviation sector needed stronger rules around technology risk management to prevent a similar event from causing such widespread disruption in the future.
Key vocabulary:
- cybersecurity – the practice of protecting computer systems and networks from digital attacks or unauthorised access
- software update – a new version of a computer programme, usually released to fix problems or improve security; in this case, the update itself caused the problem
- ground stop – an instruction that temporarily halts all departing flights from an airline or airport, usually issued during emergencies or system failures
- digital infrastructure – the computer systems, networks, and software that organisations rely on to operate their services
- IT resilience – an organisation’s ability to keep its systems running, or to recover quickly, when technology fails
- stranded – left in a location without a way to continue travelling, due to a cancellation or unexpected delay
CEFR Level B1-B2 / ICAO Level 4-5