A cyber attack targeting systems used for passenger check-in and boarding caused widespread disruption across several major European airports on Friday, including London’s Heathrow, Brussels and Berlin, leading to flight cancellations and delays.
The problems were traced to MUSE, software developed by Collins Aerospace, which supplies check-in and boarding systems to multiple airlines globally. Its parent company, RTX, confirmed it was dealing with a “cyber-related disruption” but did not identify the source of the attack or specify which airports were affected.
Heathrow, Europe’s busiest hub, confirmed it was among those impacted. Brussels Airport and Berlin Airport also reported significant operational problems, while Dublin Airport said it was facing “minor impact” later in the day. The disruption came just hours after Dublin’s Terminal 2 had reopened following a separate security alert that forced an evacuation.
RTX said the cyber attack primarily affected electronic check-in and baggage drop, but manual systems were in place to reduce disruption. “We are working to resolve the issue as quickly as possible,” the company said.
Despite those assurances, data provider Cirium reported 29 cancellations across Heathrow, Berlin and Brussels by midday. Brussels officials said there had also been four flight diversions and “delays on most departing flights.” The airport asked airlines to cancel half of Saturday’s departures to prevent overcrowding and last-minute cancellations, suggesting problems would spill into the weekend.
In total, 651 departures were scheduled from Heathrow, 228 from Brussels and 226 from Berlin. Frankfurt Airport, Germany’s busiest, said it was unaffected.
The European Commission said there was no evidence yet of a “widespread or severe attack,” though the incident remained under investigation. Experts said the disruption was consistent with ransomware or deliberate sabotage.
“This highlights the fragile and interdependent nature of the digital ecosystem underpinning air travel,” said Rafe Pilling, threat intelligence director at cybersecurity firm Sophos. “The threat is significant and very real.”
Collins Aerospace has previously been listed on cyber breach-tracking sites as a victim of ransomware attacks in 2023. The company declined to comment on those reports or provide further detail on the latest incident.
Passengers described being left in the dark. “We haven’t been told anything except that there was a technical fault,” said traveller Kim Reisen at Berlin Airport. Another passenger, Siegfried Schwarz, called the attack “incomprehensible” and questioned why such systems could not be better defended.
Airlines were affected to varying degrees. EasyJet said its flights were operating normally, while US carrier Delta reported only minor delays after implementing a workaround. United Airlines also reported some delays but no cancellations. Ryanair and IAG, the parent company of British Airways and Aer Lingus, did not comment.
British Transport Minister Heidi Alexander said she was receiving regular updates, while cyber defence agencies in the UK and Germany confirmed they were liaising with affected airports.
