The recent global IT outage caused by a faulty update to CrowdStrike’s security software has prompted Malaysia’s digital minister to seek compensation for affected companies. The incident, which occurred on July 20, disrupted services worldwide, including at Terminal 2 of Kuala Lumpur International Airport. The Digital Minister, Gobind Singh Deo, clarified that the outage was not a cyberattack but a failure on the part of CrowdStrike, affecting multiple sectors, including aviation, banking, and healthcare.
Gobind Singh Deo stated that the Malaysian government is actively seeking answers from Microsoft and CrowdStrike. He emphasized the importance of maintaining high standards to prevent such incidents in the future and indicated that the government has introduced new legislation to enhance cybersecurity. He reassured the public that no data was stolen during the outage and that affected government agencies have returned to normal operations.
The IT outage affected five Malaysian government agencies: the Ministry of Transport, the Education Ministry, the Ministry of Rural and Regional Development, the National Health Institute, and Lembaga Zakat Kedah. Additionally, nine companies across various sectors, including aviation, banking, and healthcare, experienced disruptions. The full extent of the financial losses incurred has yet to be determined.
Gobind Singh Deo has called on Microsoft and CrowdStrike to provide a comprehensive report on the incident and to take measures to prevent future outages. He also urged the companies to consider compensating those who suffered losses. The government is prepared to assist with claims where possible.
In a related development, the chief executive of Malaysia’s Capital A, the operator of AirAsia, has expressed that airlines affected by the IT outage deserve compensation for their losses. This sentiment echoes the broader call for accountability and compensation for the disruptions caused.
Gobind Singh Deo also warned the public about phishing attempts by individuals exploiting the situation to steal personal information. He highlighted the emergence of new domains created by unscrupulous individuals to conduct phishing activities. The government is taking this matter seriously and has introduced improvements to digital platform management systems through the Cyber Security Act 2024 and amendments to the Personal Data Protection Act.
This incident underscores the critical need for robust cybersecurity measures and effective response plans to mitigate the impact of such outages on vital services and industries.