LONDON (AP) — A significant cyberattack targeting check-in and boarding systems has disrupted air traffic and caused delays at several of Europe’s major airports on Saturday. Although the impact on travelers seems limited, experts warn that this incident has exposed critical vulnerabilities in security systems across the aviation industry.
The disruptions were initially reported at Brussels, Berlin’s Brandenburg, and London’s Heathrow airports, which meant that only manual check-in and boarding were feasible. Other European airports reported that their operations remained unaffected. The UK government has ordered an investigation into the incident following concerns about energy resilience after the Heathrow shutdown.
"There was a cyberattack on Friday night, September 19, against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport," stated the airport in a press release, initially indicating a "large impact" on flight schedules.
The issue appears to be linked to a specific provider of check-in and boarding systems rather than the airlines or the airports themselves. Collins Aerospace, which provides technology that facilitates passenger check-in, printing of boarding passes, and baggage tagging, acknowledged a “cyber-related disruption” to its MUSE (Multi-User System Environment) software at “select airports.”
Travel analyst Paul Charles expressed surprise at the attack's scale, emphasizing that it has impacted one of the world’s leading aviation and defense companies. “It’s deeply worrying that a company of that stature, who normally have such resilient systems, has been affected,” he noted.
Experts are still determining the perpetrators behind this cyberattack, speculating it could involve hackers, criminal organizations, or state actors. Charles described the attack as “very clever,” as it impacted multiple airlines and airports simultaneously, rather than just a single entity.
As the day progressed, the fallout seemed to be contained. A spokesperson for Brussels Airport, Ihsane Chioua Lekhli, reported that by mid-morning, nine flights had been canceled, four were redirected, and 15 faced delays of over an hour. However, the duration of the disruptions remained uncertain.
At Berlin’s Brandenburg Airport, communications head Axel Schmidt indicated that no flights had been canceled due to the cyber incident by late morning, although this situation could change. Heathrow, the busiest airport in Europe, reported minimal disruption, with no cancellations directly linked to the cyberattack.
Despite the limited overall impact, many passengers expressed frustration over the reduced staff levels at check-in counters. With many travelers checking in individually, airlines have decreased the number of personnel at traditional check-in points. One traveler, Maria Casey, shared her experience of waiting three hours at baggage check-in at Heathrow’s Terminal 4, where baggage tags had to be written by hand due to the disruption.
Collins Aerospace, a subsidiary of RTX Corp. (formerly Raytheon Technologies), stated that they are “actively working to resolve the issue” and restore full functionality as quickly as possible. The company reassured that the impact was limited to electronic customer check-in and baggage drop, which could be managed through manual operations.
Experts highlighted that this attack underscores the vulnerabilities within the aviation sector, which has become an appealing target for cybercriminals due to its reliance on shared digital platforms. Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, noted that these attacks often penetrate through the supply chain, impacting third-party platforms used by multiple airlines and airports simultaneously.
“When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders,” she explained.
While it remains too early to identify who might be behind this cyberattack, experts are analyzing available information for clues. James Davenport, a professor of information technology at the University of Bath, remarked that the attack appears more akin to vandalism than extortion based on current evidence, but he emphasized that significant new details could alter this assessment.
As the investigation unfolds, both travelers and aviation stakeholders remain alert to the implications of this cyber incident on future security protocols and operational resilience in the industry.
