A third-party passenger system disruption at Heathrow may caused delays in the check-in process at Heathrow Airport and major European Airlines signaled as cyber attack. Third Party System Disruption Coordinated for Cyber attack on Major European Airlines.

The cyber attack targeted at third party vendor Collin Aerospace ,providing check-in and boarding systems for several airlines across multiple airports globally, experienced technical issue leading to flight disruption.

Heathrow Airport warned departing passengers of probable delays and urged them to monitor their flight status closely during the disruption.

Similarly Brussels Airport confirmed that automated check-in and boarding services were inoperable, forcing staff to use manual processes to handle departing passengers.

Berlin Airport also communicated the situation via a banner on its website, stating: “Due to a technical issue at a system provider operating across Europe, there are longer waiting times at check-in. We are working on a quick solution,” Berlin Airport said in a banner on its website.

As per reports the impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX, which owns Collins Aerospace, reportedly said in a statement, adding that it had become aware of a ‘cyber-related disruption’ to its software at selected airports, without naming them. It added that it was working to fix the issue as quickly as possible.

A Highly coordinated attack by Hackers on Aviation Sector – What do we know

“The aviation industry has become an increasingly attractive target for cybercriminals because of its heavy reliance on shared digital systems,” Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, told Euronews Next.

“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once. When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders,” she added. 

Weaklink targeted in connected the ecosystem

The attack on third party ecosystem indicates that cyber security needs to be treated on high priority as IT is related and its high time airlines and aviation take cybersecurity seriously

According to a recent SecurityScorecard study, at least 29% of all breaches were attributable to a third-party attack vector, meaning the core risk originated outside of the organization.

Of these, 75% involved software or other technology products and services, with the remaining 25% stemming from non-technical products or services. These statistics highlight the digital interconnectivity across the supply chain — and the risks inherent within those relationships.

Reducing Third party cyber risk related loss

In this competitive market and aggression of cyber criminals towards vendors and third party service providers, utmost necessity and guard is required while choosing critical product and service providers. The entire ecosystem is relying for their service and this includes, where possible, identifying the critical vendors and suppliers the providers use, otherwise known as fourth-party vendors.

Verifying that third parties who have adequate cyber insurance to meet the requirements of the first-party organization. This demonstrates cyber risk management hygiene is maintained and certain controls are in place.

A strong incident response plan is maintained well ahead before any incident occurs.

(Sources: https://www.euronews.com/next/2025/09/21/what-do-we-know-about-the-cyberattacks-that-hit-europes-airports)