A senior executive at CrowdStrike has apologised for a faulty software update that caused a global IT outage in July.
The incident led to worldwide flight cancellations and impacted industries around the globe including banks, health care, media companies and hotel chains.
The outage disrupted internet services, affecting 8.5 million Microsoft Windows devices.
Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, said the company released a content configuration update for its Falcon Sensor security software that resulted in system crashes worldwide.
“We are deeply sorry this happened and we are determined to prevent this from happening again,” Mr Meyers said.
“We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company.”
The committee members pressed Mr Meyers on how the incident occurred in the first place, with legislators likening its impact to that of a well-planned, sophisticated cyber attack, rather than because of a “mistake” inside CrowdStrike’s software.
He said the issue was not the result of a cyberattack or prompted by AI.
Giving evidence to US legislators, Mr Meyers said: “We appreciate the incredible round-the-clock efforts that our customers and partners who, working alongside our teams, mobilised immediately to restore systems.
“We were able to bring many customers back online within hours. I can assure that we continue to approach this with a great sense of urgency.”
CrowdStrike said an “undetected error” in a software update sparked the problem.
A bug in the firm’s content validation system meant “problematic content data” was not spotted and then allowed to roll out to Microsoft Windows customers, causing the crash.
Mr Meyers said the cybersecurity firm would continue to share “lessons learned” from the incident to ensure it did not happen again.
CrowdStrike faces numerous lawsuits
Some people said CrowdStrike didn’t face such an intense grilling by the committee as other tech executives have been subjected to in recent years.
Instead, emphasis was placed on firms working with committees and government to prevent future incidents of a similar nature.
However, CrowdStrike still faces lawsuits from people and businesses impacted by the outage – it has been sued by its own shareholders as well as by US aviation giant Delta Airlines after it cancelled thousands of flights because of the system shutdown.
In the UK, the CrowdStrike outage left GPs unable to access systems that manage appointments or allow them to view patient records or send prescriptions to pharmacies – which were also widely impacted – forcing doctors to return to using pen and paper.
Meanwhile, flights were cancelled or delayed and passengers left stranded as airline systems were knocked offline or staff were forced to handwrite boarding passes and luggage tags.
Many small businesses also reported a substantial impact on their income, with some saying their websites being knocked offline by the incident cost them hundreds or even thousands of pounds in sales.
