What caused cyber attack that crippled major airports including Heathrow – and could it be a test for something bigger?

Major European airports were thrown into chaos over the weekend as thousands faced delays and cancellations after a major cyber attack.

Airlines flying out of Heathrow, Brussels, and Berlin were forced to check passengers in manually after the attack hit systems used for check-in and boarding, causing hours-long queues on Saturday.

Disruption spilled into Sunday as airlines warned passengers not to travel to airports unless their flight had been confirmed. Collins Aerospace, the company hit by the attack, said it was working to resolve the issue as quickly as possible, but did not give any details on what was behind the problem.

Airlines were left “furious”, reported The Independent’s Simon Calder, as the attack left them responsible for rebooking travel and arranging food and accommodation for disrupted passengers.

They, along with passengers, will want answers as to who carried out the attack, and what can be done to stop it from happening again.

What happened?

Late on Friday night, airlines said they were experiencing difficulties with check-in and boarding after a cyber attack on the systems provider.

Collins Aerospace, an aviation and defence company, provides airlines with the systems needed to check passengers in and organise boarding.

The attack forced airlines to check customers in manually, causing long queues and leaving many passengers in the dark about whether they would be able to make flights and onward connections.

Huge queues were reported at Heathrow, Brussels, and Berlin on Saturday as travellers waited for hours for news on rearranged flights.

Aviation safety and air traffic control were unaffected, the European Commission said in a statement, as it added it would “closely monitor” the situation.

Was Russia behind the attack?

There have been unfounded claims of Russian involvement, with Lib Dem foreign affairs spokesperson Calum Miller saying on Saturday that the government needed to “urgently establish if Vladimir Putin is now attacking our cyber systems”.

It follows heightened concern over aviation safety in Europe after 19 recent incursions from Russian drones into Polish airspace.

But at this time, there is no evidence that Russia is behind the attack. Most recent hacks, including the massive attack on British retailer M&S in April of this year, have been attributed to criminal gangs looking to extort huge organisations for money.

While some of these groups are based in Russia and could have ties to the state, many are based elsewhere. In the case of the M&S attack, four people – including three teenagers – have been arrested in the UK.

Cybersecurity expert Vykintas Maknickas, who is the CEO of NordVPN’s travel eSIM app Saily, said the attack “highlights the increasing vulnerabilities within the aviation sector as airports and airlines continue to rely on interconnected systems for operations”.

Which airports are affected?

The main airports affected by the cyber attack are Heathrow, Brussels, and Berlin.

But cancelled and delayed flights to other major hubs such as Paris, Lisbon, and Amsterdam will have had a knock-on effect for those trying to make connections there.

“This attack is a prime example of the supply-chain risks facing the aviation industry,” Mr Maknickas added. “Many airports, including those affected in this incident, rely on the same third-party systems for passenger handling. While this approach boosts operational efficiency, it significantly reduces resilience.

“A single cyberattack on one vendor can quickly escalate into widespread disruptions across multiple airports, as seen with the delays and cancellations at major European hubs like Heathrow, Brussels, and Berlin.”

A test for something bigger?

While the cause of Friday’s cyber attack remains unclear, it is difficult to know whether the hack could be a test for something bigger.

But security experts warned that unless airlines create viable backups that can kick into action in the event of cyber attacks, this incident “will not be the last”.

“Cybersecurity is usually treated as an IT problem, but in reality it’s an operational safety issue,” Mr Maknickas explained.

“Aviation has long avoided single points of failure in its physical infrastructure, like multiple runways, backup power, redundant comms. The same philosophy must be applied to their digital strategies. Otherwise, today’s outage will not be the last.

“Travel runs on trust that systems will work, flights will depart, and bags will arrive. Every cyber outage erodes that confidence. Rebuilding it requires transparency, accountability, and visible investment in resilience.”