LONDON – On Saturday morning, crowds at Heathrow Airport faced blank screens and mounting confusion. A “technical glitch” quickly escalated into a major cyberattack that shut down check-in and boarding systems at several large European airports.
The disruption left thousands stuck and airlines scrambling to respond. Delays and cancellations spread by the evening, from Brussels to Berlin and other cities, marking what many experts call one of the boldest strikes against Europe’s air travel in recent years.
The attack targeted Collins Aerospace, a US-based subsidiary of RTX Corporation. Its MUSE software controls essential systems in airports worldwide, from self-service kiosks to bag drops and digital boarding passes.
When MUSE failed, staff had to use pens and paper to manage flights, echoing scenes from decades ago. Heathrow, which usually sees more than 80 million travellers each year, reported only a few direct cancellations but hundreds of delays. About 40% of the affected flights were arriving from other European cities.
Maria Gonzalez, whose British Airways flight to New York faced a three-hour delay, told Reuters: “It feels like everything’s frozen; we’re just waiting.”
European Air Traffic Delays
Problems quickly spread across Europe. Brussels Airport saw some of the worst delays. Officials told airlines to cancel around half their Sunday flights (about 100 departures) to prevent even longer waits. Passengers were told to check their tickets before heading out.
At Berlin’s Brandenburg Airport, people waited for hours at crowded manual check-in counters. In Ireland, Dublin and Cork airports reported only minor issues. Frankfurt, one of Europe’s largest hubs, watched events closely, though it remained mostly unaffected by the cyberattack.
Eurocontrol, which oversees European air traffic, reported over 500 delays by midday Sunday. The disruptions were expected to continue throughout the week. According to FlightAware, at least 17 flights were cancelled in Brussels alone, and many others ran late.
Notice boards at Heathrow warned of late flights to cities like Paris, Amsterdam, and Rome. Travellers across Europe faced long waits, extra costs for hotels, and rearranged journeys. Some managed to rebook with budget airlines like EasyJet, which avoided the worst by using different technology.
The crisis highlighted Collins Aerospace’s central role in airport operations. Recently, the company secured a €150 million NATO contract for warfare planning software. This raised questions about whether the attack was random or targeted. Rafe Pilling, a cybersecurity analyst at Sophos, told CNN the careful focus on Collins pointed to “high-level skill, perhaps linked to ransomware or deliberate sabotage.”
Eyes on Russia Over Cyberattack
RTX acknowledged a “cyber-related disruption” with MUSE at some airports, stating that safety systems remained functional and manual processes were underway. The company’s brief message to clients offered no details about when systems might return or who was behind the attack.
Authorities are looking into who carried out the hack, but have released little information. The British National Cyber Security Centre is working with Collins, the Department for Transport, and the police to investigate the cyberattack. A spokesperson said they are assessing the impact, while Transport Minister Heidi Alexander advised travellers to stay updated.
Germany’s cyber security agency (BSI) worked with Berlin Airport to address the disruption, and Belgian officials said they would keep monitoring the case closely. The European Commission called it a localized event and stressed there was no sign of a much bigger threat, though the investigation continues.
Attention has fallen on Russia, especially given recent reports of cyber activity as a form of hybrid warfare. Paul Charles, an aviation consultant, called the incident “a clever cyberattack” that used the cross-border nature of airport technology to cause maximum trouble.
He linked this event to the CrowdStrike IT outage in July 2024 that had stopped flights worldwide.
Concerns Raised by NATO
Some politicians demanded answers, wondering if Russia was responsible, given concerns raised by NATO. So far, no group has claimed the attack and no passenger data has been stolen, which offers some reassurance. Collins manages sensitive data for airlines across Europe, including British Airways and Lufthansa.
Authorities across Europe have worked quickly to contain the situation. Eurocontrol asked airlines to cancel half of Brussels’ flights until Monday morning, choosing to reduce regional flights first to keep long-haul routes moving.
Heathrow brought in more staff to process luggage and boarding lists by hand. Officials stressed that flight safety and air traffic control were unaffected. Still, for many families, lost connections and frustration were unavoidable, and airlines faced an estimated €50 million in losses.
Europe’s aviation sector has faced a 600% increase in cyberattacks over the past two years, as reported by Thales. Attacks like the ransomware event in Seattle last year and the July CrowdStrike outage show airports are frequent targets due to their visibility.
Charlotte Wilson from Check Point highlighted the need for better sharing of information between governments, airlines, and tech providers. Professor Alan Woodward from the University of Surrey questioned why systems depended so heavily on a single provider like Collins and why only a few airports were so hard-hit by the cyberattack.
By Sunday, passengers such as Siegfried Schwarz in Berlin were still facing delays, with some expressing disbelief that modern systems could fail so completely. While flights were slowly resuming, travellers were advised to keep checking for updates, pack items to pass the time, and prepare for changes. The incident serves as a clear warning: even the best-connected networks are only as stable as their weakest links.