⛓ Supply Chain
CrowdStrike Falcon Sensor Update — Global Windows BSOD Outage (8.5 Million Devices)
Incident Details
On 19 July 2024, CrowdStrike released a faulty content configuration update (Channel File 291) to Windows systems running the CrowdStrike Falcon endpoint detection and response sensor, causing approximately 8.5 million Windows devices worldwide to crash into a Blue Screen of Death (BSOD) and enter a continuous reboot loop. The update was deployed between 04:09 and 05:27 UTC.

The impact was unprecedented in scale: airlines including Delta, United, and American grounded flights; hospitals cancelled surgeries and appointments; banks and financial services went offline; emergency services were disrupted; broadcasters (Sky News in the UK) went off-air; and businesses worldwide were crippled. Delta Air Lines alone reported a $500 million financial impact and cancelled over 7,000 flights. Microsoft estimated the financial cost to the Fortune 500 at $5.4 billion.

Recovery required manual intervention on each affected device, including booting into Safe Mode and deleting the problematic file — a process that took hours per machine and days across enterprise environments. CrowdStrike CEO George Kurtz issued a public apology.

The incident was not a cyberattack or breach — no data was stolen or compromised — but it was treated as a critical cyber incident given its global impact, supply chain nature (a security tool causing mass outage), and demonstration that widely-deployed security software is itself critical infrastructure. A faulty test validation process for rapid channel file updates was identified as the root cause. CrowdStrike subsequently settled with Delta and promised customers $10 million in credits.
Technical Details
- Initial Attack Vector: A faulty content configuration update (Channel File 291) for the CrowdStrike Falcon sensor on Windows hosts caused a logic error in the sensor's Content Interpreter, triggering an out-of-bounds memory read that led to an exception handling failure and Windows BSOD (Blue Screen of Death)
- Vendor / Product: CrowdStrike Falcon sensor (Windows) — Channel File 291
- Software Package: CrowdStrike Falcon sensor
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2024-07-19 Breach occurred
- 2024-07-19 Publicly disclosed
- 2024-07-19 Customers notified