Cyberattack on an American provider: European airports are experiencing operational paralysis, with cascading delays and cancellations. Brussels bears the brunt of the impact. At Heathrow and Berlin, departure boards are slowly recovering, while Brussels remains hindered by disrupted check-in. Manual check-in extends lines and delays boarding. The Collins Aerospace software remains unavailable, while the investigation suggests hackers, criminal networks, or potential state actors. Air security and air traffic control remain intact. Airlines are reallocating staff, utilizing self-service and online check-in, but baggage handling remains challenging. For travelers, vigilance is necessary: check flight status and prioritize online check-in before arrival. Next decisive step: deployment of a secure version, gradual restoration of passenger flow, and clearing of operational backlogs. Airports are refining their business continuity plans, strengthening cyber resilience, and deploying mixed IT-operations teams to stabilize the ecosystem.
| Quick Focus |
|---|
| Cyberattack on an American provider disrupts European airports for a 2nd day. |
| Affected functions: electronic check-in and baggage drop; shift to manual operations. |
| Provider: Collins Aerospace (RTX) confirms a cyber disruption and is preparing a fix. |
| Brussels the most impacted: nearly 140 departures cancelled Monday (~50% of 276). |
| Immediate cause: secure version of the check-in system still unavailable. |
| Heathrow and Berlin: signs of recovery, but delays persist. |
| Technical scope: only check-in counters affected; kiosks and online check-in operational. |
| Continuity: up to 85% of departures maintained through reinforcements and self bag drop. |
| Air security and air traffic control unaffected (according to the European Commission). |
| Origin under investigation: possible hackers, criminal groups, or state actors. |
| Passenger advice: check flight status, prioritize online check-in and kiosks. |
| Next steps: deploy the patch, gradual online restoration, manage capacity, communicate in real time. |
| Immediate risk: targeted cancellations in Brussels, prolonged waits, and queues. |
Timeline and Scope of the Cyberattack
A cyberattack against an American vendor has disrupted European airports since Friday evening, extending into Sunday. The incident primarily affects electronic check-in, causing delays and cancellations across several interconnected European platforms. The origin of the attack is still under investigation. Specialized sources mention hackers, criminal networks, or potential state actors, with no attribution validated at this stage. A supplementary overview is provided in this analysis on cyberattacks affecting European airports.
Technical Vector and Affected Scope
The targeted systems belong to Collins Aerospace (a subsidiary of RTX) and are used for check-in, producing boarding passes and baggage tags, and handling baggage. The company reports a “cyber” disruption confined to customer check-in and baggage drop, which airlines can mitigate by running check-in manually. Manual check-in supports business continuity but generates considerable queues. The self-service kiosks remain operational in some terminals, as do online check-in and self bag drop where available.
Impact Areas by Airport
Brussels National
Disruptions are concentrated in Brussels, where airlines have been asked to cancel nearly 140 departures on Monday, which is half of the 276 scheduled flights. The decision stems from the absence of a secure version of the Collins Aerospace system, still unavailable according to the airport. Brussels is experiencing the most severe disruptions. Teams managed to maintain 85% of the planned departures over the weekend thanks to additional staff and continued self bag drop and online check-in.
Heathrow
Departure boards at Heathrow indicate a partial recovery, with most flights continuing in close cooperation with the airlines. An apology message mentions prolonged waits, but overall operations are preserved under degraded procedures. Heathrow and Berlin are beginning a gradual recovery. Travelers are still advised to check flight statuses before heading to the airport.
Berlin Brandenburg
The Berlin Brandenburg website displays a rolling message indicating increased delays and recommends online check-in, self-registration, and fast bag drop to streamline flows. Significant queues remain at the counters, where manual processing persists; it takes longer and is prone to errors. Carriers are adjusting their capacity plans in real time according to passenger influx and position availability.
Response from Stakeholders and Cooperation
Collins Aerospace confirms the incident and has mobilized its teams to restore services and deploy secure fixes. Airlines are resorting to workarounds, including writing boarding passes by hand and using backup computers. The European Commission clarifies that air security and air traffic control are unaffected, with no signs of a major systemic attack. Indian authorities report no impact on airports in the country.
Business travelers remain exposed to the rise of cybercrime in mobility, documented in this file on cybercrime related to business travel. Recommendations for American citizens traveling abroad are found in this resource dedicated to the safety of American citizens. A risk country follow-up is included in the summaries related to monitored destinations.
Operational Consequences and Passenger Service
Airports recommend checking the flight status beforehand, online check-in as soon as it opens, and early access to the terminal. Using self-service kiosks and fast bag drop reduces bottlenecks, while manual counters remain congested. Short connections are particularly vulnerable, prompting airlines to reorganize boarding priorities and dedicated queues. Persons with reduced mobility require enhanced support, given the extended detours.
Next Steps and Short-Term Scenarios
Technical teams are preparing a hardened version of the system, along with testing, phased deployment, and a gradual return to normal capacities. Airports will maintain strengthened staffing, additional manual lines, and business continuity plans until stabilization. Airlines will implement measures for operational irregularity: rerouting, bag tolerance, extended hours, and adjustments to slots when possible. Normalization will occur in successive phases.
Forensic investigations will need to clarify the initial vector, potential lateral movement, and the exact extent of data exfiltration. Operators will enhance segmentation, multi-factor authentication, SIEM monitoring, and crisis exercises, coordinating across airports. Coordinated communication will limit rumors and preserve trust while adhering to regulatory notification requirements. Updated publications will inform passengers about service reopenings and temporary commercial policies.
Structural Challenges for the European Air Travel Ecosystem
Reliance on a small number of Departure Control System providers reveals a dependency risk that amplifies the cross-impact of outages. Managers will explore multi-provider architectures, local fallback capacities, and ready-to-use paper procedures. Load shedding scenarios might involve less-utilized platforms, as shown in the analysis of under-utilized airports in France. The convergence of operational resilience and cybersecurity will shape investments, with audited performance indicators.