A sweeping cyberattack has struck multiple major European airports, causing widespread travel disruption. The target was a third-party provider’s software system used for automatic check-in and baggage drop.
Airports including London Heathrow, Brussels, Berlin, and others experienced long queues and cancelled flights when the system failed. The EU’s cybersecurity agency confirmed the disruption was caused by ransomware, and authorities are investigating.
Passengers arriving or departing these airports faced delays of up to an hour or more. Many electronic check-in kiosks and automated bag drop machines were offline. Airline and airport staff switched to manual operations – handwritten boarding passes, use of laptops and tablets for processing, and longer wait times. The disruption stretched over several days, with some airports cancelling dozens of flights to prevent further chaos.
What the Attack Means for Airports & Passengers
With automated check-in systems compromised, passengers must adjust expectations. Those who pre-checked in online or have digital boarding pass options fared somewhat better, though bag drop and check-in still suffered. For many, arriving extra early became necessary. Airports urged travellers to stay updated via airline communications, expect delays, and use all available check-in and self-service options where possible.
For staff and airport management, the attack exposed vulnerabilities in relying heavily on single vendor software. When the software provider’s system failed, multiple airports lost key process automation simultaneously. Manual workaround protocols, though helpful, could not fully match speed, efficiency, or reliability of digital processes. This kind of cascading failure highlights just how fragile parts of airport infrastructure can be when built tightly around third-party systems.
Wider Implications & Needed Changes
Security experts warn this is not just an isolated incident. The attack on automated check-in systems is part of a broader trend of heightened ransomware attacks against critical or visible infrastructure. ENISA and other agencies are calling for stronger cybersecurity standards, backup systems, realistic disaster recovery plans, and greater transparency from software vendors. In particular, resilience in infrastructure has to include ability to continue operations when key digital systems fail.
Another implication concerns reputational and economic cost. Flights re-routed or cancelled cost airlines, airports, and passengers – not only in refunds, but in damage to trust. Local businesses depending on arrivals and schedules suffer when arrivals are delayed or disrupted. In some regions, tourism and connecting-flight traffic could be affected if travellers lose confidence in consistency.
From a regulatory perspective, governments are likely to push vendors and airports to adopt stricter security audits, periodic compliance checks, and independent oversight of systems classified as critical infrastructure. There is also expected pressure to increase investment in cyber threat intelligence and cross-border cooperation, since airports frequently link with airlines, immigration, border control, and transport networks across countries.
In summary, the recent ransomware attack targeting airport check-in systems reveals a weak spot in aviation’s digital backbone. While manual backups helped limit total chaos, the disruption remains a sharp reminder: systems must be more resilient, vendors more accountable, and passengers better informed. For many travellers and operators, this incident may mark an inflection point in how airports worldwide think about security and reliability.
