As reported by the Associated Press, a cyberattack disrupted operations in European airports, including Brussels, Berlin’s Brandenburg and London’s Heathrow airports. Electronic systems were disturbed, forcing manual check-in and boarding procedures. This attack, occurring on the night of Sept. 19, altered air traffic and caused delays on Sept. 20. However, most travelers were only minorly affected. 

Darren Guccione, CEO and Co-Founder at Keeper Security, comments, “Although information is still limited, the disruption at several major European airports highlights how interconnected global transportation has become and how dependent it is on shared digital infrastructure. A technical incident with a single provider can quickly cascade across multiple airports, which is why resilience, security and visibility are critical in modern infrastructure.”

While the Associated Press has acknowledged it is “not immediately clear who might be behind the cyberattack,” many suspect cybercriminal organizations or state actors could be behind the incident. 

“Adversaries understand that targeting widely used technology services can result in outsized impact, as demonstrated in countless damaging supply chain attacks. Organizations that rely on third-party systems and vendors need to ensure that every point of access is secured, every connection is monitored and no user or system is automatically trusted,” says Guccione. “Zero-trust security models and privileged access management solutions play a central role in that effort. By enforcing least-privilege access and leveraging agentic AI to revoke credentials as soon as risk is detected, organizations can limit the impact of an attack and maintain public confidence in essential services.”

With hacktivism increasingly targeting critical infrastructure, security experts encourage European airports to be on the lookout for that potential as well. 

“This once again highlights a growing concern that critical infrastructure is a soft target for cybercriminals. Whether nation-state actors looking to influence national interests or a criminal organization looking to cause mass panic and chaos, disruptions to services leveraged by millions represent a growing threat,” says Dave Gerry, CEO at Bugcrowd. “This will be a critical time for the affected countries to stay attentive for any opportunistic threat actors that may be looking to gain access and exploit the nation’s security systems and the common public alike. In today’s ultra-connected world, reliability and safety of the grid must be a key priority for local and federal authorities and must be addressed in conjunction with the private sector.”

Furthermore, cybercriminal gangs such as Scattered Spider have targeted the aviation sector in the past, utilizing sophisticated social engineering tactics to exploit vulnerabilities. Though it is currently unknown who is responsible for the cyberattack, the nature of airline operations can make the sector an attractive target for many malicious actors. 

Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium, explains, “As aviation operations increasingly depend on mobile devices for flight crews, ground staff and maintenance teams, these endpoints have become high-value targets. One global airline recently strengthened its mobile security posture after uncovering threats like malicious SMS links, risky Wi-Fi use, sideloaded apps, and OS vulnerabilities affecting employee devices. With more than 70% of aviation cybersecurity solutions now cloud-hosted and a growing reliance on managed services, it’s critical that mobile security be treated as a foundational layer, providing on-device protection, continuous threat detection, and full visibility across mobile fleets to support operational resilience and regulatory compliance.”

Though the impact on travelers was limited, the Associated Press reported frustration due to the minimal staff working at the traditional check-in counters, since many travelers check in individually. 

“This event is a reminder that cyber risk isn’t abstract,” says Anne Cutler, Cybersecurity Evangelist at Keeper Security. “It delays families, disrupts business and erodes confidence in critical services. Attackers target interconnected environments precisely because of their reliance on third-party technology. The path forward is preparation. Aviation and transportation providers must continue to harden their systems by adopting zero-trust principles, enforcing strong privileged access controls and ensuring third-party providers meet the same high bar for security. These measures help contain the impact of any incident and keep essential services running even when attackers try to cause chaos.”