Key points
-
A large-scale cyberattack disrupted operations at major European airports, including Brussels, Berlin, and Heathrow.
-
At Brussels Airport, at least 44 flights were cancelled or rerouted on Sunday, with further delays expected into the week.
-
The disruption stemmed from an attack on Collins Aerospace, a key supplier of airline check-in and operational systems, impacting multiple carriers.
-
Passengers faced long queues, manual check-in procedures, and uncertainty over flight schedules.
-
The attack highlights vulnerabilities in aviation’s reliance on third-party digital infrastructure.
Event description
What happened: On 20 September 2025, several major European airports, including Brussels, Berlin, and London Heathrow, experienced widespread disruptions due to a cyberattack. The attack targeted third-party service provider Collins Aerospace, which supplies digital check-in and operational support systems for airlines.
Where: The most severe impact was reported at Brussels Airport, though Berlin and Heathrow also suffered significant operational delays.
When: The disruption began on 20 September and carried over into 21 September, with delays and cancellations continuing.
Who: Airlines relying on Collins Aerospace systems were directly affected, including both European flag carriers and international airlines operating out of the targeted airports. Passengers bore the brunt of the disruption.
How: Cybercriminals launched a ransomware-style attack on Collins Aerospace systems, forcing airports and airlines to revert to manual check-in and boarding processes.
Analysis
The incident demonstrates how aviation cybersecurity risks can rapidly escalate into operational crises with direct impacts on passengers and business continuity.
At Brussels Airport, 44 departing flights were cancelled on Sunday alone, representing a substantial share of daily operations. Flights were either rerouted or delayed, with ripple effects spreading to connecting flights across Europe. Heathrow also reported hundreds of passengers stranded in long queues, as manual registration slowed processing dramatically.
The most affected companies were those heavily reliant on Collins Aerospace’s systems. This includes Brussels Airlines, Lufthansa Group carriers, and other international airlines operating out of Brussels. The reliance on a single supplier created a systemic vulnerability — once compromised, multiple airports and airlines simultaneously suffered cascading effects.
The disruption comes amid growing warnings of cyber operations targeting aviation and aerospace sectors. Reports earlier this year noted that ransomware groups and politically motivated hacktivists see aviation as a high-profile target. The sophistication of the attack, which exploited a single point of failure, suggests a coordinated operation rather than a simple opportunistic hack.
Disruptions and travel advice
Disruptions:
-
44 cancelled flights at Brussels Airport on Sunday, with additional delays reported at Berlin and Heathrow.
-
Manual check-in procedures created bottlenecks, with waiting times extending for hours.
-
Passengers experienced missed connections, especially on long-haul itineraries via Brussels and Heathrow.
Travel advice for passengers:
-
Arrive early: Passengers should plan to arrive at least 3–4 hours before departure to account for extended manual processing times.
-
Check flight status online: Use airline apps and websites for live updates, as airports are prioritising digital communication where systems allow.
-
Rebook proactively: Travellers on cancelled Brussels flights should contact airlines directly for rebooking, as on-site counters remain overwhelmed.
-
Use alternative hubs: Where possible, rerouting through unaffected hubs such as Paris Charles de Gaulle, Amsterdam Schiphol, or Frankfurt may reduce risk of extended delays.
-
Pack essentials: Travellers should carry essentials in hand luggage, anticipating potential overnight stays due to cancellations.
Forecast
Based on past cyber incidents in the aviation sector, disruptions are likely to continue for several days, even after systems are restored. Airlines will face backlogs in rebooking, while passengers may experience cancellations or extended delays until midweek.
In the medium term, regulators may pressure aviation stakeholders to strengthen cyber resilience in third-party providers, potentially leading to new compliance requirements across the sector.
If similar ransomware operations are repeated, high-profile hubs like Heathrow, Frankfurt, and Charles de Gaulle could see comparable disruptions, posing recurring risks to international business and leisure travel.
