Widespread tech outage disrupts real life; DMV offices, medical appointments, businesses, flights at JFK and LaGuardia upended

A tech outage caused by a glitch in a cybersecurity software update caused upheaval across Long Island and around the globe, stranding travelers at airports, knocking out scheduling systems at the LIRR, canceling medical procedures and disrupting financial transactions.

By Friday afternoon, the impacts of the historic outage were subsiding, and government officials in the region emphasized that the most critical of services — including Long Island's 911 systems — were not in danger.

Still, the software bug affecting Microsoft systems crippled multiple facets of American life — delaying and canceling flights, snarling operations at DMV offices, and impeding access to medical appointments.

"The scale of this is probably unprecedented," said Nick Nikiforakis, a Stony Brook University professor of computer science who specializes in cybersecurity. "Things have gone wrong in the past with software updates, but because of the market penetration of that company essentially in the world, you have systems going down everywhere."

The global disruptions, discovered just before 1 a.m. Friday, originated in a software bug by cybersecurity firm CrowdStrike and affected systems using Microsoft 365 apps and services.

By the morning rush hour, the massive scale of the outage was apparent. Digital display signs at airports, train stations and in Times Square showed a blue screen with the word "Recovery" and information about Windows not loading correctly.

Disruptions quickly mounted at airports, including in New York. LaGuardia Airport reported 213 flight cancellations and 431 delays from midnight to about 6 p.m., according to FlightAware.com, which tracks service conditions. At John F. Kennedy Airport, there were 410 delays, and 102 cancellations. 

At JFK Airport, Delta’s Re-Ticketing Assistance counter line was long Friday morning, with hundreds of stuck passengers and their luggage. Upstairs, before the security checkpoint, Suzi Beers, of Stuart, Florida, 77, and her partner, Bill Lichtenberger, 88, said they left Connecticut Friday morning to catch an 11:25 a.m. flight out of JFK to Seattle. From there, they were supposed to fly to Alaska for an expedition cruise. That first flight was delayed until 5:20 p.m.

"There's nothing you can do," Beers said, adding: "I think this Microsoft thing has thrown everybody for a loop."

Train travelers, too, were hit by the outage, which affected "customer-facing systems" at the Long Island Rail Road, according to LIRR President Robert Free. That included countdown clock screens at stations and the TrainTime app, which, throughout the morning commute, could not be used for real-time information on service or to buy tickets.

The issue also affected electronic handheld devices used by LIRR conductors, impacting their ability to sell tickets on trains. Systems were largely restored by the afternoon, and Free said the outage had "no bearing at all" on LIRR train service.

"We prioritized everything to make sure, at the end of the day, we provided safe, normal service," Free said.

New York City subways were also affected well into the afternoon hours, with the MTA advising customers that digital systems may display inaccurate information on arrival times and the status of elevators.

Long lines formed at airports across the globe as airlines lost access to check-in and booking services during peak summer travel — disrupting thousands of flights. Banks in South Africa and New Zealand reported outages impacting payments. Some news stations, particularly in Australia, were unable to broadcast for hours. And hospitals had problems with their appointment systems.

Elsewhere, people experienced more minor inconveniences, including trouble ordering ahead at Starbucks, causing long lines at some of the coffee chain’s stores.

CrowdStrike CEO apologizes

Speaking to NBC News on Friday morning, CrowdStrike CEO George Kurtz said the problem stemmed from a "single content" system update that included a software bug impacting some, but not all, Microsoft operating systems. 

"We identified this very quickly and remediated this issue," Kurtz said. "We’re deeply sorry for the impact that we’ve caused to travelers, to customers, to anybody affected by this."

Gov. Kathy Hochul told reporters on Friday morning that CrowdStrike had shared a fix with New York's Office of Technology. Though staff was "working as quickly as possible" to install the repair, Hochul said there was no time estimate for how long it would take to fully restore all state government systems, including at the state's Department of Motor Vehicles.

The DMV office in Hauppauge came to a standstill on Friday morning. Customers were streaming into the state office building where the DMV is located, only to be turned away by workers who said all their systems were down.

Reactions ranged from irritation to resignation over the vagaries of the digital age.

"What a mess," said Eric Bammann, 63, of Sound Beach, who was at the DMV to turn in license plates. "All the computer geeks — you would think they could figure it out. "

Hochul said in situations where someone’s driver’s license or vehicle inspection expired Friday, the state will grant maximum flexibility so that no one is penalized because of the outage.

At a City Hall news conference, New York Mayor Eric Adams emphasized that "this was not a cyberattack," but rather the result of CrowdStrike sending out "an update that inadvertently took systems offline."

New York City Chief Technology Officer Matt Fraser assured the public that essential services were not impacted. "However, there are other services that are in the city that may be impacted," he said. "So, if you go in to file for a permit or you go in to request some other service; you got to pay a bill online like a water bill or a parking ticket, you might find yourself in a position where those services may be offline temporarily."

Several local governments on Long Island were also impacted by the outage. Residents in Suffolk County, which was hit hard by a 2022 cyberattack that lasted for months, again saw its online systems temporarily downed Friday morning. 

Mike Martino, spokesman for County Executive Edward Romaine, stressed that emergency services were not impacted by the glitch and that a "quick response" by county IT staff minimized any other service impacts to residents. As of about 8:50 a.m. the county website was up and running, Martino said.

Nassau County experienced "the same nationwide outages that are affecting much of the United States," according to County Executive Bruce Blakeman.

"We are working closely with our cybersecurity consultant and our county department of IT to resolve any system issues that have arisen," Blakeman said in a statement. "At no time was Public Safety in jeopardy and there is redundancy built into our 911 system to ensure all emergency communications are received."

Health care impacts

Long Island health care providers also saw varying impacts from the outage.

Dr. David Podwall, a neurologist practicing in Lake Success, woke up to find his practice’s electronic health records system down. He couldn’t access charts or a schedule of who was coming in when, and said he might have needed to reschedule 10 to 12 MRI scans. Regional doctors discussed their own disruptions in text threads on Friday morning, said Podwall, the immediate past president of the Nassau County Medical Society.

"A hiccup in one code could cause millions of people to have delayed health care," he said. "There’s no way that that’s a rational system."

A spokesperson for the New Hyde Park-based Northwell Health, the state's largest health care system, said the organization "implemented standard emergency response procedures to ensure the continued quality of care and safety of our patients" as it dealt with "sporadic technology impacts."

Officials at Memorial Sloan Kettering Cancer Center in Manhattan said they had to pause all procedures that require anesthesia earlier in the day, due to the outage. That pause ended in the late morning.

Joe Calderone, spokesman for Mount Sinai South Nassau Hospital, said hospital operations were continued, "utilizing backup systems to perform essential functions." 

Smaller health systems initially appeared to be facing more issues, since most large organizations have backup systems, according to Dr. Leslie Marino, head of the Suffolk Medical Society. By Friday afternoon, Marino said many groups were regaining access to their systems, and that there didn’t seem to be widespread issues getting prior authorizations or prescriptions to pharmacies.

Credit card transaction outages

The glitch also got between some New Yorkers and their money. Several companies and government offices reported being unable to process credit card transactions because of the outage, which impacted multiple banks.

Bank of America, Capital One, Chase Bank, TD Bank, Visa and Wells Fargo were among the banks and financial services companies that saw a spike in user reports of outages on Friday, according to personal finance site NerdWallet, which cited data from the website Downdetector.

Some employers reported having other administrative functions disrupted, and ADP, the giant payroll processor based in New Jersey, told at least one user of its Account Connect online system that it was "down for maintenance."

The state’s employment insurance system and one of its telephone lines were unavailable to New Yorkers early Friday.

The company at the center of the disruption, CrowdStrike, apparently rolled out an update massively before testing it out on a smaller number of users, Nikiforakis said.

"You don’t just push it to 100% of your user base at once, because you see what happens if something is wrong," he said. If the company had done a staggered rollout, "then you would have had only one percent of the machines crashing, instead of what appears 100% of the machines."

"Clearly they messed up," said Nikiforakis, adding that the meltdown underscores how interconnected the world is in the computer age, from banks to airlines to stores, especially when there is a "monoculture" that encourages the use of a single widely used product, he said.

Kurtz, the CrowdStrike CEO, said the company sent out the faulty software update in an effort to "stay one step ahead of the adversaries."

Dan Ford, chief information security officer at Jovia Financial Credit Union in Westbury, said the company acted fast during the early morning hours to make sure customers had access to ATMs and online banking portals by 7 a.m.

Ford said he would be weighing the value CrowdStrike has provided through its prevention of ransomware attacks against this week’s incident when the contract ends.

"If you're doing a home project, you measure twice, cut once," Ford said. "They didn't measure twice before they cut. They just went, ‘Well, this seems like it's going to be good enough’ and deployed," Ford said. "In cybersecurity, the number one tenet is really about trust. That's been broken with a lot of organizations."