Cyberattack on European airport check-in-systems – what now?

European airports affected by cyberattack

Published on September 24, 2025

Cyberattack paralyzes check-in systems: Last weekend, several major European airports fell victim to a targeted cyberattack. Berlin-Brandenburg (BER), Brussels, Dublin, and London Heathrow were among those affected, according to multiple media reports. The attack targeted the US IT service provider Collins Aerospace, which operates central check-in and boarding systems for numerous airlines. As a result, electronic check-in systems failed, flights were canceled, delays mounted—and in many places, staff had to revert to manual processes using pen and paper. ^{1, 2, 3}

---

According to the EU cybersecurity agency ENISA, this was a ransomware attack in which systems were encrypted and a ransom may have been demanded. The impact was severe: in Brussels, around 50% of scheduled departures were canceled on Monday, while in Berlin, only about 30% of flights departed on time. The airline Swiss even had to operate flights without passengers.^{1, 2}

Affected airports and airlines scrambled to implement emergency solutions, including manual boarding passes and self-service machines. Still, the incident highlights how vulnerable the aviation industry's critical infrastructure remains to digital threats. ^{1, 2}

Wake-up call or rather a sleepy alarm?

Cyberattacks on European airports are no longer just a wake-up call — they're a blaring alarm. When international hubs like Berlin, Brussels, or Heathrow resort to paper lists and ballpoint pens, it's not just a nostalgic throwback to analog times. It starkly reveals that the digital resilience of critical infrastructure is still dangerously inadequate.

As a cybersecurity expert, BearingPoint sees on a daily basis how strongly networked and at the same time how vulnerable modern IT and OT systems are. But how exactly should companies react in times like these? The following points, for example, could provide some food for thought:

• Interlink IT and OT systems: Information and operational technology must not be treated in isolation, but must be secured together.

• Increase supply chain security: Third-party providers are often the weakest link. Anyone outsourcing their infrastructure must also consider their security.

• Contingency plans: Paper and pen are not a plan—they’re a last resort. Companies need robust business continuity plans that sensibly dovetail digital and analog processes.

• Implement zero-trust architecture: No access without strict verification - internally and externally. This is the only way to minimize attack surfaces.

Sources:

1. ORF.at: Cyberattack on airports - impact on flight operations in Europe, published on 22.09.2025. Available at: https://orf.at/stories/3406186 (accessed on 23.09.2025)

2. 20 minutes: Europe: More flight cancellations after cyberattack - Empty flights at Swiss, published on 22.09.2025. Available at:https://www.20min.ch/story/europa-weiter-flugausfaelle-nach-cyberangriff-leerfluege-bei-swiss-103420088 (accessed on 23.09.2025)

3. Euronews Next: What do we know about the cyberattacks on European airports?, published on 22.09.2025. Available at:https://de.euronews.com/next/2025/09/22/was-wissen-wir-uber-die-cyberangriffe-auf-europaische-flughafen (accessed on 23.09.2025)

4. Heise Online Forum: Check-in problems at BER and other airports continue, commentary from 22.09.2025. Available at:https://www.heise.de/forum/heise-online/Kommentare/Check-in-Probleme-am-BER-und-anderen-Flughaefen-halten-an/forum-568905/comment (accessed on 23.09.2025)