LONDON — A major cyberattack has targeted the check-in and boarding systems at several large European airports, resulting in significant travel disruptions, including the cancellation and delay of flights at affected hubs.
The incident began on the evening of September 19 and primarily affected systems provided by Collins Aerospace, a major third-party aviation IT services provider supporting multiple airlines and airports.
Impacted Airports and Operations
- Brussels Airport: Reports show at least 9-10 flight cancellations and 15-17 delays exceeding an hour by Saturday morning at BRU. Check-in desks reverted to manual processes, including hand-writing baggage tags, causing long queues and further delays.
- London Heathrow: Widespread delays were reported across departing flights at LHR, with over 100 flights departing late by early Saturday, and extensive manual check-in operations were implemented to replace automated systems. Later in the morning, however, Heathrow described the disruption as "minimal" in terms of cancellations.
- Berlin Brandenburg: BER experienced longer wait times and manual check-in, with at least 15 flights affected; no large-scale cancellations occurred, but extensive delays were reported.
- Frankfurt: FRA was not affected by the incident and maintained regular operations.
Scope, Response
The issue was traced back to a cyberattack on Collins Aerospace's passenger processing software, which affected check-in, boarding, and baggage drop at multiple airports simultaneously. Manual workarounds allowed operations to continue in part, but capacity was reduced and crowding occurred.
Eurocontrol advised airlines to reduce flights to/from Brussels by 50% between the early hours of Saturday and early Sunday to manage the airport’s limited operational capability.
There has been no public attribution of the attack to a specific threat actor yet. Official statements indicate that Collins Aerospace and other airport IT teams are actively working to restore systems and contain the issue.
Passengers scheduled to fly today were strongly advised by all affected airports to confirm their flight status with their airline before arriving at the airport and to allow extra time for all procedures.
Some flights have been redirected to nearby airports when feasible, and rebooking processes are underway where necessary.
Expert Comments
Experts note that this event highlights the vulnerability of modern, interconnected aviation infrastructure to cyber threats, as increased digitalization now creates significant systemic risks.
No precise estimate was given for full resolution, but teams are working “as quickly as possible” to restore normal operations. Cybersecurity experts from KnowBe4 have provided the following commentary.
Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4:
"More information has come to light: Dublin airports have also been affected, and a ransomware demand was made. This does not mean the motivation could not also have been sabotage, but one motivation is now clear: extortion.
We still need more information to actually understand the true impact and ramification of the attack.
The EU is still investigating the attack while the impact is widespread. We should not expect the EU to determine the source this early. That is because there is still a lack of clarity since authorities and corporations have confusing messaging. The NCSC is investigating a cyber incident. Collins Aerospace is talking about a cyber-related disruption. We require more transparency before we can make meaningful conclusions as to who is behind this and what their benefits are.
Organizations must ready themselves, as the incident highlights the urgency of protecting organizations and enforcing supply chain security. NIS2 and other regulations are more important than ever."
Javvad Malik, Lead Security Awareness Advocate at KnowBe4:
"Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds.
It's why it's important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross‑trained staff and basic tools ready.
Reduce single points of failure by diversifying providers where feasible, segmenting tenants, and ring‑fencing critical functions so one vendor outage doesn’t halt everyone. Above all, communicate clearly and often, prioritize vulnerable passengers, and empower frontline teams to make humane decisions."
Airport On-Time Performance (OTP) Hit
According to aviation analytics company Cirium, Brussels Airport is bearing the brunt of the impact, with 10.66% of flights canceled and only 42% of departures leaving within one hour of schedule. Berlin is also experiencing delays, though less severely, with 1.74% of flights canceled and just 66.67% departing within an hour.
Elsewhere, most hubs remain resilient despite delays. London Heathrow, Frankfurt, Paris Charles de Gaulle, and Munich are reporting cancellation rates under 2%, while Rome Fiumicino, Dublin, and Milan Malpensa continue to see more than 90% of flights depart within one hour.
Cirium’s data highlights significant schedule pressure, with “D14” representing flights pushing back within 15 minutes of schedule, and “D60” within 60 minutes.