The European Union’s cybersecurity agency ENISA confirmed Monday that the airport disruptions across Europe that began over the weekend were the result of a ransomware attack.
Related: Cyberattack Disrupts Check-Ins, Delays Hundreds of Flights at Heathrow and Other Airports
“ENISA is aware of the ongoing disruption of airports’ operations, which were caused by a third-party ransomware incident. At this moment, ENISA cannot share further information regarding the cyberattack,” the agency said in an emailed statement to TechCrunch.
The attack targeted Collins Aerospace, a company that provides check-in systems to several airports, including Berlin, Brussels, and London’s Heathrow. Collins Aerospace said it was working with affected airports to restore services, according to Reuters, which first reported ENISA’s statement.
On Saturday, The Guardian reported that the ransomware targeted the company’s passenger processing system called MUSE, which enables multiple airlines to share check-in desks and boarding gates rather than relying on dedicated infrastructure.
Collins Aerospace, owned by defense contractor RTX, has not yet commented publicly. It remains unclear who is behind the cyberattack.
The incident has disrupted check-in processes, triggered flight delays and cancellations, and caused ongoing headaches for travelers since Friday night.
