Cyberattack disrupts check-in systems at major European airports

Key Points

• A cyberattack disrupted check-in and boarding systems at several major European airports, notably Brussels, Berlin's Brandenburg, and London's Heathrow, leading to delays and manual operations.
• The attack targeted Collins Aerospace, a provider of check-in systems, affecting only electronic processes and allowing manual check-in to continue.
• By mid-morning on the day of the attack, Brussels reported nine cancellations and several delays, while other airports like Heathrow experienced minimal disruption with no flight cancellations directly linked to the issue.
• Collins Aerospace is working to resolve the disruption quickly and restore full functionality to its customers, assuring that the impact remains limited to electronic operations.

LONDON (AP) — A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of Europe’s major airports on Saturday.

While the impact on travelers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems.

The disruptions to electronic systems initially reported at Brussels, Berlin's Brandenburg and London's Heathrow airports meant that only manual check-in and boarding was possible. Many other European airports said their operations were unaffected.

“There was a cyberattack on Friday night 19 September against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport,” said Brussels Airport in a statement, initially reporting a “large impact” on flight schedules.

Airports said the issue centered around a provider of check-in and boarding systems — not airlines or the airports themselves.

Collins Aerospace, whose systems help passengers check themselves in, print boarding passes and bag tags and dispatch their luggage from a kiosk, cited a “cyber-related disruption” to its MUSE (Multi-User System Environment) software at “select airports.”

‘A very clever cyberattack’

It was not immediately clear who might be behind the cyberattack, but experts said it could turn out to be hackers, criminal organizations, or state actors.

Travel analyst Paul Charles said he was “surprised and shocked” by the attack that has affected one of the world's top aviation and defense companies.

He said "it's deeply worrying that a company of that stature who normally have such resilient systems in place have been affected.”

“This is a very clever cyberattack indeed because it’s affected a number of airlines and airports at the same time — not just one airport or one airline, but they’ve got into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe,” he told Sky News.

As the day wore on, the fallout appeared to be contained.

Brussels Airport spokesperson Ihsane Chioua Lekhli told broadcaster VTM that by mid-morning, nine flights had been canceled, four were redirected to another airport and 15 faced delays of an hour or more. She said it wasn’t immediately clear how long the disruptions might last.

Axel Schmidt, head of communications at the Brandenburg airport, said that by late morning, “we don’t have any flights canceled due to this specific reason, but that could change.” The Berlin airport said operators had cut off connections to affected systems.

Heathrow, Europe’s busiest airport, said the disruption has been “minimal” with no flight cancellations directly linked to the problems afflicting Collins. A spokesperson would not provide details as to how many flights have been delayed as a result of the cyberattack.

The airports advised travelers to check their flight status and apologized for any inconvenience.

Frustration at the counters

Some passengers voiced annoyance at the lack of staff. With many, if not most, checking in individually, airlines have reduced the number of people operating at the traditional check-in counters.

Maria Casey, who was on her way to a two-week backpacking holiday in Thailand with Etihad Airways, said she had to spend three hours at baggage check-in at Heathrow’s Terminal 4.

“They had to write our baggage tabs by hand,” she said. “Only two desks were staffed, which is why we were cheesed off.”

Collins, an aviation and defense technology company that is a subsidiary of RTX Corp., formerly Raytheon Technologies, said it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”

“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” it said in a statement.

Airline industry is vulnerable through the use of third-party platforms

Still, experts said the attack pointed to vulnerabilities — ones that hackers are increasingly trying to exploit.

Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, said the aviation industry has become an “increasingly attractive target” for cybercriminals because of its heavy reliance on shared digital systems.

“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said. “When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.”

Experts said it was too early to tell who might be behind the attack, and were trying to read some clues.

“It looks almost more like vandalism than extortion, based on the information we have,” said James Davenport, a professor of information technology at the University of Bath in England. “I think significant new details would have to emerge to change this view.”

___

Keaten reported from Lyon, France.