A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of Europe's major airports overnight.
While the impact on travellers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems.
The disruptions to electronic systems initially reported at Brussels, Berlin's Brandenburg, and London's Heathrow airports meant that only manual check-in and boarding was possible. Many other European airports said their operations were unaffected.
"There was a cyberattack on Friday night 19 September against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport," said Brussels Airport in a statement, initially reporting a "large impact" on flight schedules.
Commuter chaos as attack forces airlines to resort to manual check-in - watch on TVNZ+
Airports said the issue centred around a provider of check-in and boarding systems — not airlines or the airports themselves.
Collins Aerospace, whose systems help passengers check themselves in, print boarding passes and bag tags and dispatch their luggage from a kiosk, cited a "cyber-related disruption" to its MUSE (Multi-User System Environment) software at "select airports".
‘A very clever cyberattack’
It was not immediately clear who might be behind the cyberattack, but experts said it could turn out to be hackers, criminal organisations, or state actors.
Travel analyst Paul Charles said he was “surprised and shocked” by the attack that has affected one of the world's top aviation and defence companies.
He said, "it's deeply worrying that a company of that stature who normally have such resilient systems in place have been affected.”
“This is a very clever cyberattack indeed because it’s affected a number of airlines and airports at the same time — not just one airport or one airline, but they’ve got into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe,” he told Sky News.
As the day wore on, the fallout appeared to be contained.
Brussels Airport spokesperson Ihsane Chioua Lekhli told broadcaster VTM that by mid-morning, nine flights had been cancelled, four were redirected to another airport and 15 faced delays of an hour or more.
She said it wasn’t immediately clear how long the disruptions might last.
Axel Schmidt, head of communications at the Brandenburg airport, said that by late morning, “we don’t have any flights cancelled due to this specific reason, but that could change.”
The Berlin airport said operators had cut off connections to affected systems.
Heathrow, Europe’s busiest airport, said the disruption has been “minimal” with no flight cancellations directly linked to the problems afflicting Collins. A spokesperson would not provide details as to how many flights have been delayed as a result of the cyberattack.
The airports advised travellers to check their flight status and apologised for any inconvenience.
Frustration at the counters
Some passengers voiced annoyance at the lack of staff.
With many, if not most, checking in individually, airlines have reduced the number of people operating at the traditional check-in counters.
Maria Casey, who was on her way to a two-week backpacking holiday in Thailand with Etihad Airways, said she had to spend three hours at baggage check-in at Heathrow’s Terminal 4.
“They had to write our baggage tabs by hand,” she said. “Only two desks were staffed, which is why we were cheesed off.”
Collins, an aviation and defence technology company that is a subsidiary of RTX Corp., formerly Raytheon Technologies, said it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” it said in a statement.
Airline industry is vulnerable through the use of third-party platforms
Still, experts said the attack pointed to vulnerabilities — ones that hackers are increasingly trying to exploit.
Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, said the aviation industry has become an “increasingly attractive target” for cybercriminals because of its heavy reliance on shared digital systems.
“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said.
“When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.”
Experts said it was too early to tell who might be behind the attack, and were trying to read some clues.
“It looks almost more like vandalism than extortion, based on the information we have,” said James Davenport, a professor of information technology at the University of Bath in England.
“I think significant new details would have to emerge to change this view.”
SHARE ME