Several major airports in Europe experienced flight delays or cancellations on Saturday (September 20) due to a cyber attack on the check-in and boarding system provider. Affected airports include London Heathrow, Brussels, Berlin Brandenburg, and some Irish destinations also faced disruptions.
Collins Aerospace confirmed that its MUSE (Multi-User System Environment) software provided to multiple airlines experienced a “network-related interruption.” This system allows passengers to self-check-in, print boarding passes and luggage tags. The parent company RTX stated that the issue is limited to electronic check-in and luggage drop-off, which can be temporarily addressed through manual processes and efforts are underway for full recovery.
According to reports from the Associated Press, Heathrow Airport noted that the problem could lead to delays for departing passengers; Brussels Airport stated that they have switched to manual processes, causing “significant impact on flight schedules,” with 10 flights canceled by mid-morning and an average delay of about an hour. Berlin Brandenburg Airport website advised passengers to expect longer waiting times. According to aviation data company Cirium, a total of 29 flights have been canceled in the three locations.
Reuters also reported that the chaos extended to the terminals. UK journalist Tereza Pultarova, who was scheduled to fly from Heathrow to Amsterdam for a connecting flight in the morning, was stranded due to the airline’s lack of service counters. She described the scene as chaotic, with the majority of people feeling frustrated. In Berlin, passenger Kim Reisen complained about the lack of information, only being informed of “technical faults”; another traveler, Siegfried Schwarz, questioned, “How is it possible to not prevent such issues with today’s technology?”
Dublin and Cork airports in Ireland later reported minor impacts. The German Federal Office for Information Security (BSI) stated that they are in contact with Berlin Airport. The UK’s National Cyber Security Centre mentioned working with Collins Aerospace and the affected UK airports to assess the event’s impact.
Several airlines have responded to the situation. Delta Air Lines expects minimal impact and has implemented contingency measures; United Airlines acknowledged minor delays but no flight cancellations. EasyJet stated normal operations, while Ryanair and the parent company of British Airways, IAG, have yet to respond.
Cybersecurity experts pointed out that the incident highlights the vulnerability of infrastructure relying on third-party suppliers. Digital chief at NymVPN, Rob Jardin, bluntly stated, “Hackers are being weaponized by hostile states, and the supply chain has become a shortcut to creating chaos.”