A cyberattack on online check-in systems has disrupted hundreds of flights from major European airports over the weekend, with “technical issues” affecting boarding since Friday night.
The incident has hit check-in desks at London Heathrow, Brussels Airport and Berlin Brandenburg, among others, and stems from an attack on systems run by software firm Collins Aerospace, a subsidiary of RTX.
The company said it was in the final stages of rolling out software updates, while Brussels Airport and the EU’s cybersecurity agency ENISA confirmed law enforcement had been called in.
At the time of writing, some airlines are still relying on manual workarounds to process passengers, according to the BBC. An internal Heathrow memo reportedly warned staff that more than 1,000 computers may have been “corrupted”, with Collins forced to rebuild and relaunch systems, only to discover that intruders were still present.
The attack is believed to have targeted the check-in software “Muse”. Airline staff have been advised by Collins to remain logged into the system and not to turn off their computers.
Industry experts believe that the disruption has exposed the vulnerabilities of Europe’s aviation industry, which relies heavily on shared digital infrastructure.
“Air travel depends on shared systems, so a failure in a common check-in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds,” said Javvad Malik, lead security awareness advocate at KnowBe4.
For Darren Guccione, CEO of Keeper Security, the attack demonstrates how supply chain weaknesses can move across borders: “A technical incident with a single provider can quickly cascade across multiple airports, which is why resilience, security and visibility are critical in modern infrastructure,” he said.
“I’m deeply concerned but not surprised,” added Adam Blake, CEO of ThreatSpike. “The cybersecurity industry has shown a colossal failure in protecting businesses where it matters.”
“Organisations are pouring vast sums of money into advanced tools, but this is fragmenting their security posture, creating overlapping controls and gaps for adversaries to exploit.”
Charlotte Wilson, head of enterprise sales at Check Point Software, pointed to data showing that the aviation sector has faced rising levels of attacks in recent months, averaging more than 1,100 per week.
In August alone, that figure spiked to over 1,250, according to Check Point research.
“When one vendor is compromised, the ripple effect can be immediate and far-reaching,” she said, calling for greater cross-border information sharing between governments, airlines and technology providers.
Rebecca Moody, head of data research at Comparitech, noted that the ransomware group BianLian had previously claimed to have stolen 20GB of data from Collins Aerospace in 2023, though the company never confirmed the breach.
“This is the 15th confirmed attack on the transport sector this year so far,” she added.
Industry experts agree the latest disruption highlights how the aviation sector’s reliance on third-party platforms has created an attractive target for attackers.
“Operational reliance on external vendors creates a large attack surface, and when those services fail, the impact is immediate and highly visible,” said Jamie Akhtar, CEO of CyberSmart.
