Passengers across Europe endured another day of delays on Monday as airports struggled with the fallout from a cyberattack on the company behind widely used airline check-in and boarding software.
The disruption began on Friday when Collins Aerospace, a subsidiary of the U.S. aerospace and defense company RTX, was hit by a ransomware attack, according to the European Union Agency for Cybersecurity. The assault crippled kiosks and bag-drop machines at some of the continent’s busiest hubs, forcing airline staff to process passengers manually.
Several major airports, including London Heathrow, Brussels, Dublin, and Berlin, have faced lingering delays. Brussels Airport reported that 40 of its 277 departing flights and 23 of its arrivals were canceled Monday. A spokesperson said Collins Aerospace had not yet confirmed the system was secure again.
Heathrow, where disruptions caused longer wait times at check-in and boarding, stressed that the issue did not lie with the airport itself. “The vast majority of flights at Heathrow are operating as normal, although check-in and boarding for some flights may take slightly longer than usual,” a spokesperson said. “This system is not owned or operated by Heathrow, so while we cannot resolve the IT issue directly, we are supporting airlines and have additional colleagues in the terminals to assist passengers.”
Collins said it was working with four affected airports and airline customers and was in the final stages of restoring full functionality.
The attack has also raised questions about its origin. Jonathan Hall KC, the British government’s independent reviewer of terrorism legislation, told Times Radio it was possible that a state actor could be behind the breach. When asked specifically if Russia might be responsible, Hall replied, “anything is possible.”
He added that while people “understandably, thought about states deciding to do things, it is also possible for very, very powerful and sophisticated private entities to do things as well.”
The disruptions highlight the growing vulnerability of global air travel to cyberattacks on third-party vendors, as airlines and airports remain dependent on interconnected software systems.
It was the latest in a series of high-profile breaches this month, including an attack on Jaguar Land Rover’s IT systems, underscoring how deeply dependent critical industries have become on third-party vendors.
“What happened this weekend is exactly the kind of systemic vulnerability we warn about – when a trusted third-party or vendor is attacked, the ripple effects can be huge,” Dominic Ryles, Sales & Alliance Director at Exertis Cybersecurity, a division of Exertis Enterprise, a leading distributor of IT and cybersecurity solutions, told Afcacia.
“For many organisations, the infrastructure they rely on isn’t fully under their control,” Ryles explained to Afcacia. “That means a weakness somewhere in your supply chain or a vendor’s software can be just as dangerous as a breach inside your own network. At Exertis Enterprise, our approach is to help companies build resilience across all fronts: vendor risk assessments, continuous monitoring, incident response planning, and ensuring strong backup and recovery processes are in place. Because when things go wrong, every minute of downtime costs more than just money — it damages trust.”
Ryles stressed that Exertis Cybersecurity’s mission is to support businesses and managed service providers in building layered defences that can prevent, detect, and respond to attacks. That work, he said, involves auditing and monitoring third-party systems, deploying real-time detection tools through the company’s Security Operations Centre, and creating incident response and disaster recovery plans that allow organisations to limit downtime and restore services quickly. At the same time, Exertis has sought to equip managed service providers with scalable solutions to extend these protections to their customer base.
The disruptions at European airports offered a stark reminder, cybersecurity experts say, that no organisation is fully insulated from risk. As attacks proliferate across sectors and borders, the resilience of supply chains has become as important as the strength of a company’s own defences.