On Saturday, September 20, 2025, air travelers across Europe faced an unexpected ordeal as a cyberattack struck the digital heart of several major airports, throwing check-in and baggage systems into chaos. Heathrow Airport, London’s bustling aviation hub and the busiest in Europe, was among the hardest hit, but the disruption rippled out to Brussels Airport, Berlin’s Brandenburg Airport, and others, affecting thousands of passengers and hundreds of flights.
The culprit? A cyber-related disruption targeting Collins Aerospace’s Muse software—a system that allows multiple airlines to share check-in desks and boarding gates. According to Collins Aerospace’s parent company RTX, "The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations." That’s a relief, at least in theory. In practice, the switch to manual check-in led to long lines, frayed tempers, and widespread confusion.
Brussels Airport confirmed that the attack began on Friday night, September 19, and immediately forced staff to revert to manual check-in and boarding procedures. The airport described a "large impact on the flight schedule," with ten flights canceled and average delays of about an hour for all departing flights by Saturday morning. Berlin’s Brandenburg Airport also reported longer waiting times, while Frankfurt Airport, Germany’s largest, remained unaffected—a small consolation for travelers elsewhere.
Heathrow Airport advised passengers to check flight status before heading out and to arrive no earlier than three hours before a long-haul flight or two hours for domestic departures. The advice was well-intentioned, but the reality on the ground was far from orderly. Lucy Spencer, waiting to board a Malaysia Airlines flight, described to BBC News how she spent more than two hours in a queue while staff manually tagged luggage and checked passengers in over the phone. "They told us to use the boarding passes on our phone, but when we got to the gates they weren't working—they've now sent us back to the check-in gate," she said, adding that hundreds of people were stuck in similar limbo.
Other passengers recounted even more harrowing experiences. Monazza Aslam, who had been at Heathrow since 5:00 a.m. with her elderly parents, told the BBC, "We are hungry and tired." She had already missed her connecting flight in Doha after sitting on the tarmac for over an hour with no updates. Johnny Lal, traveling to Bombay for a funeral, said his family would miss their flight entirely, and airport staff were unable to provide his mother with a mobility scooter. "They keep just telling us the systems are down," Lal lamented.
Brussels Airport spokesperson Ihsane Chioua Lekhli told broadcaster VTM that by mid-morning, nine flights had been canceled, four redirected, and 15 faced delays of an hour or more. As the day wore on, the fallout seemed to be somewhat contained, but the sense of uncertainty lingered. Berlin’s Brandenburg Airport reported no cancellations due to the cyberattack by late morning, but delays and confusion persisted. The Berlin airport’s head of communications, Axel Schmidt, said, "We don't have any flights canceled due to this specific reason, but that could change."
British Airways managed to sidestep the worst of the disruption by switching to a backup system, ensuring relatively normal operations. EasyJet and Ryanair, two of Europe’s biggest airlines, reported no significant impact on their flights. U.S. carrier Delta Air Lines said it expected only minimal impact, while United Airlines acknowledged minor departure delays but no cancellations.
Still, for many travelers, the day was marked by frustration and a lack of clear information. Tereza Pultarova, a journalist stranded at Heathrow, told BBC News, "Unfortunately, the airline I'm with ... they don't have a service desk here, so we've been left in the dark. It's been a great chaos, and it's been quite ... frustrating for most people here." At Berlin Airport, Kim Reisen described being told only that there was "a technical fault," while another traveler, Siegfried Schwarz, voiced disbelief that "with today's technology, there's no way to defend yourself against something like that."
Behind the scenes, aviation authorities and cybersecurity experts scrambled to assess both the scope and the source of the attack. The British National Cyber Security Centre said it was working with Collins Aerospace and affected UK airports, alongside the Department for Transport and law enforcement, to "fully understand the impact of an incident." Germany’s federal office for information security, the BSI, was similarly engaged with Berlin Airport over what it called "infrastructure disruptions." The European Commission, responsible for managing airspace across Europe, stated there was no indication of a "widespread or severe attack" and that the origin was still under investigation.
The incident has reignited concerns about the aviation industry’s vulnerability to cyber threats. Hisham Al Assam, a computer science professor at the University of Buckingham, told Reuters that the reliance on common digital infrastructure creates "single points of failure." He explained, "Such models turn efficiency into fragility, where a single compromise can disrupt several airlines at once." Charlotte Wilson of cybersecurity firm Check Point echoed these worries, noting that "these attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once."
Travel analyst Paul Charles told Sky News, "It's deeply worrying that a company of that stature who normally have such resilient systems in place have been affected. This is a very clever cyberattack indeed because it's affected a number of airlines and airports at the same time—not just one airport or one airline, but they've got into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe."
While speculation swirled about the perpetrators—ransomware gangs, criminal organizations, or even state actors—no group has claimed responsibility, and authorities have not confirmed any attribution. Some political figures, such as Liberal Democrats MP Calum Miller, called for the government to clarify whether the Kremlin was involved, especially after Russian warplanes entered Estonian airspace on Friday. However, cybersecurity experts caution against jumping to conclusions, noting that most major hacks in recent years have been motivated by financial gain rather than geopolitics.
Transport Secretary Heidi Alexander assured the public she was monitoring the situation closely and receiving regular updates. In the meantime, airports deployed extra staff to help manage the crowds and advised passengers to stay in close contact with their airlines for the latest information.
Ultimately, while the immediate chaos of September 20, 2025, may fade, the event stands as a stark reminder of the fragility of the digital systems underpinning modern air travel. For passengers and industry insiders alike, the day’s events underscored the urgent need for stronger cyber defenses and contingency plans in an increasingly interconnected world.