Europe’s busiest airports were thrown into chaos this weekend after a cyberattack targeted a core check-in and baggage handling system used by several major hubs, including London Heathrow, Berlin Brandenburg, Brussels, and Dublin. The disruption, which began late Friday night, rippled across the continent, forcing airlines to revert to manual processes and leaving tens of thousands of passengers stranded or facing hours-long delays.
Heathrow, the United Kingdom’s largest airport—handling more than 200,000 passengers daily and recording over 7.9 million travelers in July alone—was particularly hard hit. On Sunday, the airport acknowledged that it was still “trying to resolve and recover” from the outage and apologized to customers “who have faced delays” (as quoted by AFP). The airport urged passengers to check their flight status before heading to the terminals and to arrive no earlier than three hours for long-haul flights and two hours for short-haul, as reported by BBC.
Brussels Airport, another major European hub, reported at least 10 flight cancellations and 17 delays on Saturday and warned that “difficult airport operations and flight cancellations” would persist until Sunday. The airport requested airlines cancel half of their departures to manage terminal overcrowding. “As a result of a cyberattack on the external service provider of the check-in and boarding systems, check-in operations at several European airports, including Brussels Airport, are heavily disrupted,” the airport said in a statement posted on X (formerly Twitter).
The culprit behind the chaos was identified as a cyberattack on the MUSE software provided by Collins Aerospace, a US-based company whose systems are used at 170 airports worldwide. Collins Aerospace confirmed to AFP and BBC that the impact was “limited to electronic customer check-in and baggage drop,” but the outage was enough to bring routine airport operations to a crawl. Airlines scrambled to process passengers manually, with some, like Air France at Heathrow, unable to board pets without the digital system.
Passengers described scenes of confusion and frustration. “They didn’t tell us anything. It’s always crowded here, but today is like extra,” a 41-year-old architect waiting for a Saudia Airlines flight at Heathrow told AFP. Another traveler, Naomi Rowan from Suffolk, recounted to BBC how she and her dog Dusty were stranded in a hotel after their Air France flight was disrupted: “I had a cry, booked a hotel and managed to get through to Air France on WhatsApp, who say the next available flight for me is Monday.”
At Heathrow’s Terminal 4, passengers endured long queues and uncertainty as airlines processed check-ins by hand. British Airways, which uses a separate system (Amadeus) at Terminal 5, was notably unaffected and continued operating normally, according to BBC and Paddle Your Own Kanoo. Elsewhere, additional staff were deployed to help manage the backlog and minimize disruption, but the sheer scale of the outage proved difficult to overcome. Flight tracker FlightAware reported that 47% of Heathrow’s departing flights were delayed on Saturday.
Berlin Brandenburg Airport also faced significant delays. The airport advised travelers to use online or self-service check-in wherever possible, as manual processes led to longer waiting times. On Saturday alone, Berlin reported 12 cancellations, though most delays remained under 45 minutes.
In Ireland, Dublin and Cork airports experienced “minor impacts” from what they called a “Europe-wide software issue.” Dublin Airport said it expected to operate a full schedule on Sunday, but advised passengers to stay in close contact with their airlines for the latest updates. Cork Airport, meanwhile, reported no disruption to its services as of Sunday.
Eurocontrol, Europe’s aviation safety organization, was quick to respond, asking airlines to cancel half their flights to and from Brussels between 04:00 GMT on Saturday and 02:00 GMT on Monday. “Airports were reporting disruptions in IT systems related to passenger handling,” Eurocontrol noted, emphasizing the widespread impact of the incident.
Collins Aerospace, the software provider at the center of the storm, said late on Saturday that it had “managed to clear domain controller corruption that was causing the outage” and was running final antivirus tests before reopening the MUSE system for airline testing, according to Paddle Your Own Kanoo. The company added, “We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”
Despite these efforts, Brussels Airlines maintained its order for airlines to cut planned departures by around 50% through Sunday night. Heathrow, while optimistic about the software’s restoration, prepared contingency plans to limit terminal access if further problems arose. The European Commission, which oversees airspace management across the continent, said it was “closely monitoring the cyber-attack,” but stressed there was “no indication it had been widespread or severe.” Aviation safety and air traffic control remained unaffected, the Commission added.
The identity of the attackers remains a mystery. While some unsubstantiated claims hinted at possible Russian involvement, no group has claimed responsibility. In recent years, loosely affiliated criminal cyber groups such as Scattered Spider and Rhysida have targeted airlines and airports primarily for financial gain rather than political motives. Last August, Seattle-Tacoma Airport suffered a similar fate when its check-in and baggage systems were held hostage as part of an extortion campaign, resulting in more than a week of disruption after the Port of Seattle refused to pay a ransom.
For passengers stuck in terminals or facing missed connections, questions of compensation quickly arose. Under Europe’s EU-261 regulations, travelers are typically entitled to up to €600 if delayed by more than three hours. However, legal precedent suggests that cyberattacks on third-party systems are considered “extraordinary circumstances” beyond an airline’s control, meaning compensation is unlikely. Still, airlines are required to provide care—offering refreshments, hotel accommodation, transportation, and a free phone call for those facing significant delays.
This latest cyberattack is a stark reminder of the vulnerabilities in the aviation industry’s digital backbone. Just last July, a faulty update from cybersecurity firm CrowdStrike led to a global IT crash, grounding flights across the United States. Analysts have repeatedly warned that as airlines and airports become more reliant on interconnected digital systems, the risks of cascading failures—whether from technical glitches or malicious attacks—will only grow.
As the dust settles and investigations continue, Europe’s airports are left grappling with the aftermath. For now, travelers are urged to check their flight status, pack a little extra patience, and hope that the next journey through the terminal is a smoother one.