A cyberattack targeting Collins Aerospace, a provider of check-in and boarding systems for global airlines, disrupted operations at several major European airports on Saturday, including London’s Heathrow, the continent’s busiest. The cybersecurity incident caused widespread flight delays and cancellations. Heathrow warned passengers of potential disruptions, citing a ‘technical issue’ in Collins’ software that affected electronic check-in and baggage handling systems.
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX, which owns Collins Aerospace, reportedly said in a statement, adding that it had become aware of a ‘cyber-related disruption’ to its software at selected airports, without naming them. It added that it was working to fix the issue as quickly as possible.
“While the provider works to resolve the problem quickly, we advise passengers to check their flight status with their airline before travelling,” Heathrow Airport wrote in a message posted on X, formerly Twitter. “Please arrive no earlier than three hours before a long-haul flight or two hours before a domestic flight. Additional colleagues are available in check-in areas to assist and help minimise disruption. We apologise for any inconvenience.”
Heidi Alexander, British transport minister, said in a message posted on X that she is aware of an incident affecting airline check-in and boarding, impacting flights at Heathrow and other European airports. “I’m getting regular updates, and monitoring the situation. If you’re flying at Heathrow today, check with your airline before travelling.”
Brussels Airport and Berlin Airport were also affected by the attack, they said in separate statements.
The attack has rendered automated systems inoperable, allowing only manual check-in and boarding procedures, Brussels Airport said on its website, adding the incident had occurred on Friday night.
“This has a large impact on the flight schedule and will, unfortunately, cause delays and cancellations of flights…The service provider is actively working on the issue and trying to resolve the problem as quickly as possible.”
The airport said that 10 flights had been cancelled so far, with an average delay of one hour for all departing flights.
U.S. carrier Delta Air Lines said it expected minimal impact to flights departing from the three affected airports, adding it had implemented a workaround to minimise disruption.
There were no indications of threats to Polish airports,
Poland has not seen threats to its airports, Krzysztof Gawkowski, the country’s deputy prime minister and digital affairs minister, said. Though Russian hackers recently intensified sabotage attempts on the country’s critical infrastructure installations, targeting hospitals and water systems. The country now faces 20 to 50 cyberattacks a day amid heightened tensions with Moscow. In response, Warsaw plans to raise its cybersecurity budget to a record €1 billion this year.
“Cyberattacks on airports are particularly disruptive because aviation relies on tightly coordinated systems. A single failure in check-in or baggage handling doesn’t just create queues – it has a domino effect on flight schedules, connections, and even crew availability,” Adrianus Warmenhoven, cybersecurity expert at NordVPN, wrote in an emailed statement to Industrial Cyber. “What we’re seeing at Heathrow, and other European airports today, is a reminder that cyber incidents in one link of the chain can ripple across Europe’s busiest transport hubs within hours.”
As for why criminals target airports, Warmenhoven said that there are several possible motives. “Some attacks are financially motivated, with hackers looking to extort payments from service providers. Others are politically driven, designed to create maximum disruption and erode public trust in critical infrastructure. Airports are high-profile targets, and a well-timed attack can cause chaos for tens of thousands of travellers, while sending a broader message about the vulnerability of essential services.
Warmenhoven added, “The fact that the disruption today stems from a third-party supplier shows how attackers often go after the weakest link rather than the airport itself. Strengthening resilience means not only securing airport networks but also ensuring that suppliers meet the same high standards.”
Rob Jardin, chief digital officer at NymVPN, wrote in an emailed statement that increasingly, hackers are not just criminals but are being weaponised by hostile nation states against Europe, with supply chains seen as an easy way to cause chaos.
“We’ve seen this pattern before in retail, automotive, and now aviation – criminals are deliberately targeting supply chains to cause maximum disruption,” Jardin said. “For passengers, it means delays; for businesses, it’s lost money and, far more importantly, shaken confidence.”
Adding that the lesson is clear, Jardin added that “security can’t stop at your own network. Every supplier must meet the same high standards, and we need more resilient, decentralised infrastructures so that a single point of failure can’t paralyse critical services. Strong encryption, regular audits, and contingency planning are now essential to stop today’s disruption from becoming tomorrow’s norm.”
