Last week, cybersecurity giant CrowdStrike became the center of attention for all the wrong reasons. A faulty software update from the company triggered widespread system crashes, leaving millions of computers worldwide inoperable. In an unexpected move, CrowdStrike offered its partners a seemingly modest apology: a $10 Uber Eats gift card. This gesture, intended to smooth over the disruption, has instead sparked debate and raised questions about the appropriateness of such a response to a significant cybersecurity blunder.
According to multiple reports and a source directly involved, CrowdStrike distributed these digital gift cards as a token of apology for the “additional work” caused by the July 19th incident. An email sent to partners, purportedly from Chief Business Officer Daniel Bernard, acknowledged the inconvenience and expressed “heartfelt thanks and apologies.” The email, screenshots of which circulated on social media platforms like X (formerly Twitter), playfully suggested the gift card was for a “cup of coffee or late night snack.”
A screenshot of the email sent to partners by CrowdStrike after the July 19 incident showing an Uber Eats gift card offer for apology of the global outage
However, the initial goodwill, if any, was short-lived. Reports soon emerged that many recipients encountered error messages when attempting to redeem their Uber Eats gift card vouchers. The Uber Eats platform itself indicated that the gift cards “had been canceled by the issuing party and is no longer valid.” CrowdStrike spokesperson Kevin Benacci confirmed the gift card distribution but attributed the cancellation to Uber flagging the offer as fraudulent due to “high usage rates.”
The incident that prompted this unusual apology was far from trivial. On Friday, July 19th, a flawed CrowdStrike update wreaked havoc, rendering approximately 8.5 million Windows devices unusable, according to Microsoft. The faulty update led to the dreaded “blue screen of death” (BSOD), effectively crashing systems and causing widespread disruption.
The consequences of this cybersecurity misstep were felt globally. Airports in major cities like Amsterdam, Berlin, Dubai, and London, as well as across the United States, experienced significant delays. Hospitals were forced to postpone non-urgent surgeries, and numerous businesses faced paralysis due to the IT outage. The scale of the disruption underscored the critical reliance on cybersecurity software and the potential impact of even a single error.
CrowdStrike has been actively working to rectify the situation and understand the root cause of the update failure. The company has consistently published updates on its remediation efforts. In a statement, CrowdStrike explained that a bug in the validation process allowed “problematic content data” to pass through and be released in the update.
Adding to the apologies conveyed through the Uber Eats gift card, CrowdStrike CEO George Kurtz and Chief Security Officer Shawn Henry issued more formal apologies. Kurtz emphasized the company’s commitment to transparency and preventing future incidents, acknowledging the erosion of trust caused by the outage. Henry, in a LinkedIn post, expressed deep regret, stating that the event marked the “most challenging 48 hours” of his career and recognizing the significant loss of customer confidence.
While the Uber Eats gift card might have been intended as a lighthearted apology, it arguably missed the mark given the severity of the global disruption caused by CrowdStrike’s faulty update. The subsequent cancellation of the gift cards further compounded the issue, leaving partners and customers questioning the sincerity and adequacy of the company’s response to a serious cybersecurity failure. The incident serves as a stark reminder of the importance of robust software testing and the critical need for transparency and accountability in the cybersecurity industry.
