A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of Europe’s major airports on Saturday.

While the impact on travellers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems.

The disruptions to electronic systems initially reported at Brussels, Berlin’s Brandenburg and London’s Heathrow airports meant that only manual check-in and boarding was possible. Many other European airports said their operations were unaffected.

“There was a cyberattack on Friday night 19 September against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport,” said Brussels Airport in a statement, initially reporting a “large impact” on flight schedules.

Airports said the issue centered around a provider of check-in and boarding systems — not airlines or the airports themselves.

Story continues below advertisement

Collins Aerospace, whose systems help passengers check themselves in, print boarding passes and bag tags and dispatch their luggage from a kiosk, cited a “cyber-related disruption” to its MUSE (Multi-User System Environment) software at “select airports.”

‘A very clever cyberattack’

It was not immediately clear who might be behind the cyberattack, but experts said it could turn out to be hackers, criminal organizations, or state actors.

Travel analyst Paul Charles said he was “surprised and shocked” by the attack that has affected one of the world’s top aviation and defense companies.

He said “it’s deeply worrying that a company of that stature who normally have such resilient systems in place have been affected.”

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

“This is a very clever cyberattack indeed because it’s affected a number of airlines and airports at the same time — not just one airport or one airline, but they’ve got into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe,” he told Sky News.

Click to play video: 'London’s Heathrow Airport resumes operations after fire sparked travel chaos'

2:08
London’s Heathrow Airport resumes operations after fire sparked travel chaos

Previous Video

Next Video

Story continues below advertisement

As the day wore on, the fallout appeared to be contained.

Brussels Airport spokesperson Ihsane Chioua Lekhli told broadcaster VTM that by mid-morning, nine flights had been cancelled, four were redirected to another airport and 15 faced delays of an hour or more. She said it wasn’t immediately clear how long the disruptions might last.

Axel Schmidt, head of communications at the Brandenburg airport, said that by late morning, “we don’t have any flights cancelled due to this specific reason, but that could change.” The Berlin airport said operators had cut off connections to affected systems.

More on World
More videos

Heathrow, Europe’s busiest airport, said the disruption has been “minimal” with no flight cancellations directly linked to the problems afflicting Collins. A spokesperson would not provide details as to how many flights have been delayed as a result of the cyberattack.

Trending Now

Toyota recalls more than 70K vehicles in Canada

Family of missing teen found dead in singer D4vd’s car speaks out

The airports advised travellers to check their flight status and apologized for any inconvenience.

Frustration at the counters

Some passengers voiced annoyance at the lack of staff. With many, if not most, checking in individually, airlines have reduced the number of people operating at the traditional check-in counters.

Maria Casey, who was on her way to a two-week backpacking holiday in Thailand with Etihad Airways, said she had to spend three hours at baggage check-in at Heathrow’s Terminal 4.

Story continues below advertisement

“They had to write our baggage tabs by hand,” she said. “Only two desks were staffed, which is why we were cheesed off.”

Collins, an aviation and defense technology company that is a subsidiary of RTX Corp., formerly Raytheon Technologies, said it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”

“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” it said in a statement.

Airline industry is vulnerable through the use of third-party platforms

Still, experts said the attack pointed to vulnerabilities — ones that hackers are increasingly trying to exploit.

Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, said the aviation industry has become an “increasingly attractive target” for cybercriminals because of its heavy reliance on shared digital systems.

“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said. “When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.”

Experts said it was too early to tell who might be behind the attack, and were trying to read some clues.

Story continues below advertisement

“It looks almost more like vandalism than extortion, based on the information we have,” said James Davenport, a professor of information technology at the University of Bath in England. “I think significant new details would have to emerge to change this view.”

&copy 2025 The Canadian Press