Some of Europe’s busiest airports fought to restore normal operations after a cyberattack disrupted automatic check-in systems over the weekend, with Brussels Airport asking airlines to cancel roughly half of Monday’s departures.
The incident began on Friday when attackers targeted check-in and boarding systems provider Collins Aerospace, a unit of RTX, knocking offline parts of its widely used MUSE software and affecting hubs including London Heathrow and Berlin Brandenburg. The outage crippled automated check-in and bag-drop services across multiple carriers, forcing airports to switch to manual operations and adding significant strain to passenger processing.
In a statement early Monday, Collins said it was working with the four impacted airports and airline customers to restore full functionality and was in the final stages of rolling out secure software updates. RTX added that disruption could be mitigated through manual check-in processes until the updated systems were live.
Passengers faced long queues, flight cancellations, and significant delays over the weekend. Brussels Airport confirmed that 50 of Sunday’s 257 scheduled departures were canceled, while 25 flights were scrapped the previous day. Heathrow and Berlin officials reported improvements by Sunday, but delays and cancellations persisted. Aviation data provider Cirium reported low delays at Heathrow, moderate delays in Berlin, and significant delays in Brussels.
Operational Workarounds And Recovery
Airports used manual check-in procedures, extra staffing, and contingency workflows to keep operations moving. While these measures reduced chaos, they created longer wait times for check-in, boarding, and baggage reclaim. Full recovery depends on Collins Aerospace completing secure updates and verifying systems before returning to normal automated operations.
European regulators and cybersecurity agencies have launched investigations into the attack’s source. The incident highlights the rising threat of supply-chain attacks targeting third-party software providers. Recent examples include breaches at Jaguar Land Rover that halted production and at Marks & Spencer resulting in major financial losses. Experts warn that vendor-targeted attacks can quickly ripple through global travel and logistics networks.
What This Means For Airport Cybersecurity
This event underscores the critical dependency airports have on third-party IT systems for passenger management. A single provider outage can result in massive operational disruptions. Experts recommend measures such as network segmentation, offline recovery plans, immutable backups, and close vendor coordination to minimize risks and restore operations faster in the event of future cyber incidents.
