A coordinated cyberattack early today knocked out check‑in, security and baggage systems at a major European hub, grinding passenger processing to a halt and forcing widespread cancellations and diversions.
What happened
– In the pre-dawn hours technicians discovered encrypted malware had spread through core airport servers, taking offline systems that manage check‑in, security lanes and baggage reconciliation. Attackers appear to have used stolen credentials and ransomware to lock key machines.
Screens and kiosks across several terminals showed system errors as staff scrambled to contain the incident.
Immediate impact
– The disruption hit during busy operational hours. Departure desks and security lanes were shut down, airlines paused check‑in and boarding for affected flights, and several services diverted or returned to their gates. Ground handlers reverted to manual procedures where possible, but long queues and delays persisted as baggage handling and aircraft turnarounds slowed dramatically.
Response and investigation
– National cyber units have taken charge of the digital probe and are working closely with airport IT teams and police. Forensic specialists are isolating infected equipment, segmenting networks to prevent lateral movement, and preserving logs to piece together how the breach unfolded. Authorities say decryption and integrity checks are priorities before full systems can be restored.
Wider implications and background
– Airports are complex environments with many interdependent systems, making them attractive targets for attackers. Preliminary analysis points to legacy network access and weak credential management as likely factors that enabled the intrusion. Investigators are also probing whether any passenger or operational data was exfiltrated and are coordinating with international partners to identify the culprits and assess broader regional risks.
Advice to travelers
– Expect delays and possible cancellations. Airlines and airport authorities advise passengers to check flight status with their carriers before traveling and to allow extra time for security and boarding while manual checks remain in place.
What happens next
– Recovery timelines remain uncertain. Teams are working to decrypt affected systems, verify their integrity and bring services back online safely. National cyber units and airport management say they will provide further updates as the investigation progresses.
