A cyberattack on a shared check-in and boarding system disrupted air travel across Europe on Saturday, grounding flights and pushing staff back to manual processes.
The incident exposed just how dependent modern aviation has become on shared digital infrastructure, and how a single point of failure can ripple across borders.
Brussels, Berlin’s Brandenburg, and London’s Heathrow airports were among the first to report problems, forcing staff to revert to manual check-in and boarding procedures. Other airports across Europe said they remained unaffected.
“There was a cyberattack on Friday night 19 September against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport,” Brussels Airport said in a statement, initially reporting a “large impact” on flight schedules.
Collins Aerospace, the RTX Corp subsidiary providing the disrupted systems, confirmed the incident and said it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”
The company emphasized that the disruption was limited to electronic check-in and baggage drop and could be mitigated through manual operations.
By mid-morning, Brussels Airport spokesperson Ihsane Chioua Lekhli told broadcaster VTM that nine flights had been cancelled, four were diverted, and at least 15 faced delays of more than an hour. She said it was unclear how long the disruption might last.
At Berlin Brandenburg, Axel Schmidt, the airport’s head of communications, said, “we don’t have any flights cancelled due to this specific reason, but that could change.” Heathrow, Europe’s busiest hub, described the impact as “minimal,” with no cancellations directly linked to the cyberattack.
A Wake-Up Call for Aviation Security
While the operational impact was limited, cybersecurity experts warned that the attack highlights systemic risks.
Darren Guccione, CEO and Co-Founder at Keeper Security, said the incident “highlights how interconnected global transportation has become and how dependent it is on shared digital infrastructure. A technical incident with a single provider can quickly cascade across multiple airports, which is why resilience, security and visibility are critical.” He stressed the need for zero trust models and privileged access controls, noting that “adversaries understand that targeting widely used technology services can result in outsized impact.”
A Soft Target for Cybercriminals
“This once again highlights a growing concern that critical infrastructure is a soft target for cybercriminals,” says Dave Gerry, CEO at Bugcrowd. “Whether nation-state actors looking to influence national interests or a criminal organization looking to cause mass panic and chaos, disruptions to services leveraged by millions represent a growing threat.” He urged governments and the private sector to coordinate closely on resilience.
Krishna Vishnubhotla, Vice President of Product Strategy at Zimperium, pointed to aviation’s growing reliance on mobile devices, describing them as “high-value targets” for attackers. “With more than 70% of aviation cybersecurity solutions now cloud-hosted, it’s critical that mobile security be treated as a foundational layer.”
“Thousands of travelers across Europe are feeling the impact of today’s disruption, and that human toll is what makes incidents like this so concerning,” says Anne Cutler, Cybersecurity Evangelist at Keeper Security. “This event is a reminder that cyber risk isn’t abstract. It delays families, disrupts business and erodes confidence in critical services.”
Javvad Malik, Lead Security Awareness Advocate at KnowBe4, stressed that resilience is as much about people and process as technology: “Air travel depends on shared systems, so a failure in a common check-in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds. Resilience isn’t just cyber controls, it’s people, process, and communications.”
A Growing Pattern
The incident adds to a growing list of cyberattacks against critical services, from hospitals and energy grids to defence contractors and retailers. Investigators have not yet attributed the European airport disruption to a specific group or motive, but experts warned that opportunistic actors may seek to exploit the situation.
As Europe’s air travel network recovers from Saturday’s delays, the attack is another warning that digital infrastructure underpinning global transportation remains a vulnerable and lucrative target.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.