EU confirms cyberattack behind airport chaos in London, Berlin and Brussels

What many passengers suspected over the weekend ( September 20-21) has now been confirmed: the airport disruption that caused hours of queues and missed flights in cities including London, Berlin and Brussels was the result of a cyberattack.

The European Union Agency for Cybersecurity (ENISA) said on Monday, september 22, that investigators had identified the ransomware used in the attack and that law enforcement is already involved. “This was not a glitch,” the agency made clear. “It was a targeted cyber incident.”

Check-in systems paralysed

The problems began when Collins Aerospace, a US company that supplies the MUSE check-in and boarding system, was hit. Airports relying on the software suddenly found themselves unable to process passengers normally.

Staff were forced to fall back on manual procedures, but with thousands of travellers trying to check in, the delays were inevitable.

In Berlin, the timing couldn’t have been worse. The city was hosting its marathon, bringing nearly 92,000 passengers through the airport on Sunday alone. By Monday, queues were still snaking through the terminal, despite calls from airport staff for travellers to check in online whenever possible.

London airports also reported long waits on Saturday and Sunday, though backup systems helped ease the pressure by Monday morning. Brussels Airport admitted that passengers were still facing extended delays well into the new week.

Officials: a deliberate attack

According to ENISA, the type of ransomware has already been identified, though officials have declined to release its name while investigations continue. What they have stressed is that this was a deliberate attack on critical systems, not an accident.

Collins Aerospace, which is part of the US defence and technology group RTX, said it is working “around the clock” to restore normal operations and is in the final stages of updating the affected software. The company added that it was in “close contact” with both airports and airlines to ensure passengers are processed as smoothly as possible.

A wider warning for air travel

This latest incident underlines a growing concern for aviation: airports are prime targets for hackers. With everything from boarding passes to baggage handling now managed digitally, a single weak point can cause chaos across entire countries.

Cybersecurity specialists warn that ransomware groups have become increasingly bold, knowing that airlines and airports cannot afford extended downtime. Every hour of disruption means missed connections, diverted flights and millions in financial losses.

For passengers, though, it’s the immediate stress that lingers. One traveller waiting in Berlin summed it up: “We plan everything down to the minute when we fly, and then something like this happens. You’re just stuck, and nobody can tell you when it will be fixed.”

What travellers can expect after the airport cyberattack

The investigation will now focus on who carried out the attack and how they gained access. Authorities across Europe are under pressure to respond quickly and tighten defences, with ENISA describing the incident as a ‘wake-up call’ for the industry.

While most airports are now close to resuming normal service, officials have warned of potential knock-on effects in the coming days as airlines clear backlogs. Passengers are being advised to arrive early, complete online check-in where possible, and allow extra time at security.

The confirmation that this was indeed a cyberattack has brought little comfort to the thousands who spent their weekend in queues. But it has made one thing clear: air travel’s dependence on digital systems has become a major vulnerability – one that cybercriminals are keen to exploit.

Stay tuned with Euro Weekly News for more news about Travel