A cybersecurity expert has warned that the real risk to passengers, staff and airlines of the cyber attack targeting major European airports is being overlooked.
The ransomware attack hit Collins Aerospace, a US supplier whose MUSE check-in/boarding software is used by many European airports – including Heathrow – forcing them to switch to manual processes.
At London Heathrow, the UK’s largest airport, some automated check-in/boarding functions were unavailable and manual processing caused delays for certain flights, though many services returned to normal as systems were recovered.
Brussels, Berlin and several other European airports saw more severe cancellations and delays.
Zain Javed (below), CTO at Lancaster-based Citation Cyber, says headlines around queues and cancellations have downplayed what he terms the ‘gold dust’ prize – namely data.
“The piece that isn’t being talked about enough is the data angle,” he said. “Outages grab headlines because of queues and cancellations, but if attackers were inside MUSE, they could also have accessed passenger details, staff accounts, or even airline credentials.
“That kind of information is gold dust for cybercriminals. It can be sold on or used in future attacks long after the airport queues have cleared. The operational disruption is painful, but the hidden long-term risk is data exposure.
“It could fuel future cyber attacks long after the queues at Heathrow have cleared.”
Collins Aerospace has worked to restore systems and roll out secure updates, while European Union cybersecurity authorities (ENISA) and national law enforcement agencies have launched investigations.
At the time of reporting, the origin of the attack had not been publicly confirmed.
“By breaching the vendor, they managed to hit Heathrow, Brussels, and Berlin all at once. It’s a back-door route that bypasses the airport’s own defences and shows just how exposed organisations are through their suppliers,” explained Javed.
“The biggest impact at Heathrow was right at the passenger touchpoints. Self-service kiosks and bag-drop systems were knocked out, forcing airlines to check people in manually and even hand-write luggage tags.
“That created queues and delays that rippled through to boarding and flight schedules. Safety systems and air traffic control weren’t touched, but for passengers it meant a very visible breakdown in the airport experience.”
Tech Prosperity Deal? It’s just ‘sloppy seconds from Silicon Valley’
Javed said that check-in systems are still being patched and in some places staff are relying on manual workarounds. “Right now, it’s a mix of technical firefighting and operational triage. Engineers are isolating affected servers, scrubbing out malware, and rolling out software updates, while at the same time Heathrow staff are keeping passengers moving with manual processes,” he said.
“Cyber teams are combing through logs to confirm how attackers got in and to make sure there’s no lingering back-door. Government cyber agencies will be looped in before everything is signed off. It’s the unglamorous but vital work that ensures the fix holds.
“Realistically, I’d expect residual disruption for another day or so until every terminal is back online and only once thorough security checks confirm the systems are clean.”