Brussels Airport, Dublin Airport, Collins Aerospace and London Heathrow: EU agency confirms ransomware attack behind airport disruptions

Ransomware Attack Disrupts Check-In Systems at Major European Airports

A ransomware attack targeting Collins Aerospace, a key supplier of automated check-in systems, caused widespread disruptions at several of Europe’s busiest airports on February 10–12, 2026. The incident, confirmed by the EU’s cybersecurity agency (ENISA), locked critical data and forced airports to revert to manual processes, leading to flight cancellations and delays.

Affected Airports and Impact

Brussels Airport reported 29 cancellations and only 42% of flights departing on time, with staff using iPads and laptops for manual check-ins.
London Heathrow, Europe’s busiest airport, implemented contingency measures as airlines struggled with system outages.
Berlin Airport, already strained by high passenger volumes due to the Berlin Marathon, faced delays exceeding one hour for departures.
Dublin Airport experienced minimal impact, relying on manual boarding procedures, including handwritten passes.

Scope and Response
Collins Aerospace, owned by RTX, stated it was working with affected airports to restore full functionality, with updates nearing completion. ENISA confirmed law enforcement involvement but did not disclose the attack’s origin. Sophos threat intelligence director Rafe Pilling noted that while high-profile ransomware attacks are more visible, they are not necessarily increasing in frequency though their disruptive potential remains a growing concern for critical infrastructure.

Broader Context
The incident underscores the vulnerability of aviation systems to cyber threats. A recent Bitkom survey found ransomware as the most common cyberattack against German companies, with one in seven paying ransoms. Despite the disruption, analysts emphasize that large-scale attacks with physical-world consequences remain rare.

Source: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/

Brussels Airport TPRM report: https://www.rankiteo.com/company/brussels-airport-company

Dublin Airport TPRM report: https://www.rankiteo.com/company/dublin-airport-authority-daa-

Collins Aerospace TPRM report: https://www.rankiteo.com/company/collins-aerospace

London Heathrow TPRM report: https://www.rankiteo.com/company/imperial-college-london

"id": "brudubcolimp1770877259",
"linkid": "brussels-airport-company, dublin-airport-authority-daa-, collins-aerospace, imperial-college-london",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Aviation',
                        'location': 'Brussels, Belgium',
                        'name': 'Brussels Airport',
                        'type': 'Airport'},
                       {'industry': 'Aviation',
                        'location': 'London, UK',
                        'name': 'London Heathrow',
                        'type': 'Airport'},
                       {'industry': 'Aviation',
                        'location': 'Berlin, Germany',
                        'name': 'Berlin Airport',
                        'type': 'Airport'},
                       {'industry': 'Aviation',
                        'location': 'Dublin, Ireland',
                        'name': 'Dublin Airport',
                        'type': 'Airport'},
                       {'industry': 'Aerospace/Defense',
                        'name': 'Collins Aerospace',
                        'type': 'Supplier'}],
 'data_breach': {'data_encryption': 'Yes (ransomware locked critical data)'},
 'date_detected': '2026-02-10',
 'date_publicly_disclosed': '2026-02-10',
 'description': 'A ransomware attack targeting Collins Aerospace, a key '
                'supplier of automated check-in systems, caused widespread '
                'disruptions at several of Europe’s busiest airports on '
                'February 10–12, 2026. The incident locked critical data and '
                'forced airports to revert to manual processes, leading to '
                'flight cancellations and delays.',
 'impact': {'brand_reputation_impact': 'High',
            'downtime': '2026-02-10 to 2026-02-12',
            'operational_impact': 'Flight cancellations, delays, manual '
                                  'check-in processes',
            'systems_affected': 'Automated check-in systems'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident underscores the vulnerability of aviation '
                    'systems to cyber threats and the disruptive potential of '
                    'ransomware attacks on critical infrastructure.',
 'ransomware': {'data_encryption': 'Yes'},
 'references': [{'source': 'EU’s cybersecurity agency (ENISA)'},
                {'source': 'Sophos threat intelligence director Rafe Pilling'},
                {'source': 'Bitkom survey'}],
 'response': {'containment_measures': 'Manual check-in processes, contingency '
                                      'measures',
              'law_enforcement_notified': 'Yes (ENISA confirmed involvement)',
              'remediation_measures': 'Restoring full functionality of '
                                      'systems'},
 'title': 'Ransomware Attack Disrupts Check-In Systems at Major European '
          'Airports',
 'type': 'Ransomware'}

Brussels Airport, Dublin Airport, Collins Aerospace and London Heathrow: EU agency confirms ransomware attack behind airport disruptions

Anodot, Rockstar Games and Take-Two Interactive: Rockstar Games faces April 14 ransom deadline following alleged data leak

DeadLock: Ransomware Groups Increasingly Turn to EDR Killers Outside Vulnerable Driver Tactics

Anne Arundel Dermatology P.A.: Anne Arundel Dermatology $2.4M Data Breach Settlement