Several major airports in Europe experienced delays and disruptions in flight travel on Saturday due to a cyberattack that targeted check-in and boarding systems.
Experts said the attack revealed weaknesses in the security system, although the impact on travelers seemed to be minimal.
Only manual check-in and boarding were feasible due to electronic system difficulties that were first reported at the airports in Brussels, Brandenburg, and Heathrow, London.
Numerous other airports in Europe reported that their operations remained undisturbed.
“The check-in and boarding systems service provider was the target of a cyberattack on Friday night, September 19, which affected multiple European airports, including Brussels Airport,” the airport stated in a statement, originally citing a “significant impact” on flight schedules.
Airports indicated that rather than airlines or the airports themselves, the problem was with a vendor of check-in and boarding technology.
Collins Aerospace reported a “cyber-related disruption” to its MUSE (Multi-User System Environment) software at “select airports.”
Collins Aerospace’s technologies enable travelers to check in independently, print boarding cards and baggage tags, and send their luggage from a kiosk.
Although the identity of the cyberattack’s perpetrator was not immediately apparent, experts predicted that hackers, criminal groups, or state actors might be involved.
Paul Charles, a travel expert, described the strike that has impacted one of the leading defense and aviation corporations in the world as “surprising and shocking.”
“It is extremely concerning that a business of that size, which typically has such robust systems in place, has been impacted,” he said.
“This is a very clever cyberattack indeed because it’s affected several airlines and airports at the same time—not just one airport or one airline, but they’ve gotten into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe,” he told Sky News.
The fallout seemed to be limited as the day went on.
Ihsane Chioua Lekhli, a spokesman at Brussels Airport, told broadcaster VTM that by mid-morning, 15 planes were delayed by an hour or more, four were diverted to another airport, and nine had been canceled.
The duration of the delays was not immediately apparent, she said.
By late morning, “We don’t have any flights canceled due to this specific reason, but that could change,” according to Axel Schmidt, head of communications at the Brandenburg airport.
According to the Berlin airport, operators have disconnected from the impacted systems.
The busiest airport in Europe, Heathrow, reported that the interruption was “minimal” and that there had been no flight cancellations specifically related to Collins’ issues.
The number of flights delayed due to the cyberattack has not been disclosed by a spokeswoman.
The airports expressed regret for any inconvenience and encouraged passengers to verify the status of their flights.
A few travelers complained about the staffing shortage.
Airlines have decreased the number of employees working at the traditional check-in counters since most, if not all, passengers check in independently.
Maria Casey, who was traveling with Etihad Airways to Thailand for a two-week backpacking trip, reported having to wait three hours at baggage check-in at Terminal 4 at Heathrow.
“They had to write our baggage tabs by hand,” she said. “Only two desks were staffed, which is why we were cheesed off.”
RTX Corp., formerly Raytheon Technologies, is the parent company of Collins, a defense and aviation technology business, which stated that it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”
It stated that “manual check-in operations can mitigate the impact, which is limited to electronic customer check-in and baggage drop.”
However, experts said the attack highlighted weaknesses that hackers are increasingly attempting to exploit.
Because of its significant reliance on shared digital systems, the aviation sector has grown to be a “increasingly attractive target” for cybercriminals, according to Charlotte Wilson, head of enterprise at cybersecurity company Check Point.
The supply chain is frequently the target of these attacks, which take advantage of third-party systems that are utilized simultaneously by several airlines and airports, she stated.
“There can be an instantaneous and extensive impact when one vendor is compromised, leading to extensive disruption across borders.”
Experts were attempting to decipher some hints, but they claimed it was too early to determine who might be responsible for the attack.
According to the evidence we have, it appears to be more akin to vandalism than extortion, stated James Davenport, an information technology professor at the University of Bath in England.
“I believe that in order to alter this opinion, important new information would need to surface.”