A cyberattack against a third party supplier disrupted automated check-in and boarding at several major European hubs over the weekend, triggering queues, delays, and flight cancellations. Airports confirmed that systems tied to Collins Aerospace’s MUSE platform were affected, limiting electronic check-in and baggage drop. Heathrow, Berlin Brandenburg, Brussels, Dublin, and Cork all reported issues, with the most persistent disruption concentrated at Brussels.
What happened and where
The incident began on Saturday and immediately affected departure processing at multiple airports. Heathrow and Berlin enacted manual workarounds to keep schedules moving, while Brussels faced sustained pressure. Aviation data tallied hundreds of delays across the three hubs during peak disruption, with dozens of cancellations recorded by different trackers through the day. To manage passenger flow and reduce last minute scrubs, Brussels directed airlines to cut half of departing flights first on Sunday and then again for Monday.
Vendor response and system status
Collins Aerospace acknowledged a cyber related disruption impacting selected airports’ MUSE environments and prioritised software updates with affected customers. The company indicated that manual check-in could mitigate core functions while updates were readied. By Sunday, Heathrow and Berlin reported operations trending toward normal patterns, although both warned of intermittent delays tied to processing, baggage handling, and boarding. Brussels, by contrast, continued to limit departures while it awaited a secure, updated build from the supplier to restore full capability.
Passenger experience and operational workarounds
Across the network, airlines shifted to manual procedures for document checks, bag acceptance, and boarding verification. Airports advised travellers to complete online check-in where available and arrive early. Lines were longest at hubs with higher long haul volumes and complex baggage flows. Instances of queue spillover and heightened passenger frustration were reported at Heathrow Terminal 4 during the peak window on Saturday.
Knock-on effects and international advisories
The operational shock extended beyond Europe. Delhi’s airport issued an advisory that Europe bound services could see delays and urged passengers to check with their carriers. Indian carriers with London operations warned of slower check-in at Heathrow and asked customers to complete web check-in to ease throughput. European authorities said they were monitoring the cyber incident, and national cybersecurity teams engaged with the impacted operator and hubs.
Outlook for recovery
Heathrow and Berlin indicated that the majority of flights continued to operate, with residual delays expected until automated processes were fully restored. Brussels maintained its reduced schedule to control congestion, noting that restoration remained contingent on receipt and deployment of a secure software update. Regulators and security agencies continued to review the source and method of the intrusion, reflecting a wider pattern of attacks targeting critical transport and retail systems this year.
