A cyberattack has disrupted operations at a service provider for check-in and boarding systems. Travellers in several major European airports, including London’s Heathrow, the continent’s busiest, have been met with flight delays and cancellations.
Collins Aerospace is an American aviation and defense technology company that provides check-in and boarding systems for several airlines across multiple airports globally. According to reports, the attack also affected Heathrow Airport, Brussels Airport, and Berlin Airport.
Flights have been canceled
Brussels Airport said on its website that the incident had occurred on Friday night. According to them, the attack has stopped all automatic systems from working, allowing only manual check-in and boarding procedures.
The airport also said that 10 flights had been canceled so far, with an average delay of one hour for all departing flights. It added, “This has a large impact on the flight schedule and will unfortunately cause delays and cancellations of flights…The service provider is actively working on the issue and trying to resolve the problem as quickly as possible.”
In addition, Berlin Airport said in a banner on its website, “Due to a technical issue at a system provider operating across Europe, there are longer waiting times at check-in. We are working on a quick solution.”
On the other hand, a spokesperson said that Frankfurt Airport, Germany’s largest, was not affected. An official from the operations control center at Zurich Airport also said it had not been impacted.
Delta Air Lines also said it expected minimal impact on flights departing from the three affected airports, adding that it had implemented a workaround to minimise disruption. Among Europe’s biggest airlines, EasyJet said it was operating normally and did not expect the issue to impact its flights for the rest of the day.
Collins Aerospace’s parent RTX said it had become aware of a “cyber-related disruption” to its software in select airports. “The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX said.
Meanwhile, passengers on a flight scheduled for Saturday were advised by the affected airports to confirm their travel with airlines before heading to the airport.
Airports’ vulnerabilities to cyberattacks
A centralized system hack, affecting multiple airports at once through a shared vendor, is likely to blame for the interruption. The infrastructure used by client airports is either cloud-based or networked. There has been no confirmation of a particular ransomware organization or attribution.
So far, the events of 2025 have proved one thing beyond doubt: aviation is firmly in the crosshairs of cyber adversaries. In late June 2025, Qantas Airways detected unauthorized activity on a third-party platform used by its contact center. The airline confirmed the breach in early July and stated that the attack shared similarities with intrusions linked to the Scattered Spider group.
Qantas updated its disclosure and confirmed that the personal data of approximately 5.7 million customers was exposed. Around 4 million records, including names, email addresses, and Frequent Flyer details, come with tier level, points balance, and status credits. The remaining 1.7 million included combinations of addresses, phone numbers, dates of birth, gender, and meal preferences.
In the same month, WestJet Airlines experienced a cyber incident that disrupted parts of its digital infrastructure. Hawaiian Airlines also confirmed it was affected by a cybersecurity incident. However, neither reports any risk to flight safety.
Many hacking gangs are headquartered in Russia or other former Soviet countries, some of which are thought to have ties to the Russian state. But there have been plenty of arrests elsewhere. British and American teenagers are accused of recent large cyber-attacks against Las Vegas casinos, M&S, Co-op, and Transport for London.
The smartest crypto minds already read our newsletter. Want in? Join them.
