Passengers at Heathrow could face another day of disruption after a cyber attack affected several major European airports.
Terror law watchdog Jonathan Hall KC said it was possible state-sponsored hackers could be behind the attack on Collins Aerospace, which operates check-in and boarding systems.
On Monday morning Heathrow said work was continuing to “resolve and recover” from the “outage” in the system.
Work continues to resolve and recover from the outage of a Collins Aerospace airline system that impacted check-in. We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.
— Heathrow Airport (@HeathrowAirport) September 21, 2025
We encourage… pic.twitter.com/S40IbNveqK
Mr Hall, the independent reviewer of terrorism legislation, said attributing the attack would not be easy.
Asked if a state like Russia could have been responsible for the attack, he told Times Radio “anything is possible”.
He said: “Yes, it’s possible that this is carried out directly by a state, but it’s equally possible to be carried out by a private entity that is, sort of, allowed to operate and does it for a combination of public and private reasons.”
Disrupted airport operations also on Monday 22 September, causing flight delays and cancellations. Check the status of your flight before coming to the airport. More information on our website: https://t.co/CGtagAiP9J pic.twitter.com/s9c74VeQ5K
— Brussels Airport (@BrusselsAirport) September 21, 2025
That meant attacks were “deniable” for states, even if hackers were based there.
He said: “There are some very capable private entities, let’s say, in Russia or China, who won’t necessarily be being directed by Russia or China.
“So it’s not as if a member of the GRU (the Russian military intelligence agency) is necessarily going into a company and saying that ‘you’ve got the capability of knocking out some UK infrastructure, please go and do it now’.
“It’s also possible, in this ecosystem that exists in some of these countries, that a company, an entity, carries out a hack and simply does it for patriotic reasons, or does it because they want to curry favour, or maybe there’s some sort of informal relationship with them.
“So although we think, understandably, about states deciding to do things it is also possible for very, very powerful and sophisticated private entities to do things as well.”
The attack caused disruption at Heathrow, Brussels and Berlin over the weekend.
In a statement on Monday morning, Heathrow said: “Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in.
“We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.”
Passengers should check their flight status before travelling to the airport and arrive no earlier than three hours before long-haul flights and two hours for short-haul.
Brussels Airport said it was expecting disruption to continue on Monday with delays and cancellations.
The airport said it was using iPads and laptops to check passengers in online. Of roughly 550 departing and arriving flights, 60 had to be cancelled on Monday.
Operations at the Berlin airport were also still disrupted on Monday, leading to delays of over an hour for runners in the German capital for the Berlin Marathon who were trying to head home.
