A wave of cyberattacks has disrupted operations at major international airports after ransomware crippled critical check-in and boarding systems late last week, according to the European Union Agency for Cybersecurity (ENISA).
The cyberattack that took place last Friday targeted software systems provided by US defense and aviation firm Collins Aerospace, a subsidiary of RTX. The company confirmed the incident as a “cyber-related disruption” that impacted its multi-user system used for electronic check-in, baggage tagging, and boarding operations.
The breach forced several of Europe’s busiest airports, including London Heathrow, Berlin, and Brussels, to revert to manual operations, causing widespread delays and cancellations over the weekend.
ENISA said that ransomware had been deployed to scramble automatic check-in systems. It’s not clear at this point what ransomware operation is behind the attack.
Internal communications seen by the BBC revealed that Heathrow Airport staff were instructed to continue using manual workarounds. Heathrow confirmed Sunday that recovery efforts were still underway but emphasized that “the vast majority of flights have continued to operate.” British Airways was among the carriers using backup systems to resume partial service.
Brussels Airport reported that nearly half of Monday’s scheduled outbound flights (140 out of 276) had been canceled, as the affected software provider continued efforts to restore systems.
A spokesperson for Berlin Airport said some airlines were still boarding passengers manually, with no clear timeline for full recovery.
The UK’s National Cyber Security Centre stated it is working with Collins Aerospace, the Department for Transport, affected airports, and law enforcement to assess the full impact of the attack.
Travelers are advised to check with airlines for the latest flight information and arrive at airports earlier than usual as the situation continues to develop.