Airports across Europe have been facing severe disruption since late Friday evening following a cyberattack on a key service provider for check-in and boarding systems. The incident has disrupted operations at airports in Belgium, Germany, the United Kingdom and Ireland, leaving thousands of passengers grappling with cancellations, delays and uncertainty.
How the attack unfolded
The problems began on the night of 19 September when Collins Aerospace, an American aerospace and defence company, experienced a cyber-related disruption. The company’s MUSE software, widely used for check-in, baggage drop and boarding procedures, became unavailable. The sudden loss of this system forced airports across Europe to revert to manual operations.
Without the automated processes that underpin modern air travel, airports were immediately stretched. Staff accustomed to electronic processing found themselves handwriting luggage tags, printing boarding passes at back-up counters and guiding increasingly frustrated travellers through longer queues.
Impact on Brussels, Berlin and London
Brussels Airport was one of the most severely affected hubs. On Saturday 20 September, the airport cancelled 25 flights out of 234 scheduled departures. On Sunday 21 September, the number rose to 50 out of 257 departures, with a further six flights diverted. The cancellations were pre-emptive, aimed at reducing long queues and avoiding last-minute chaos.
In Berlin, the Brandenburg Airport acknowledged the problem, warning of extended waiting times and urging passengers to allow extra time for their journeys. The airport explained on its website that the difficulties were linked to a system provider operating across Europe.
London Heathrow, the busiest airport on the continent, also experienced problems. Aviation data provider Cirium confirmed that by Saturday 29 flights had been cancelled across Brussels, Berlin and Heathrow combined. With 651 scheduled departures from Heathrow on Saturday alone, the potential for disruption was immense.
Spillover into Ireland
In Ireland, both Dublin and Cork airports confirmed they had been affected. The impact was less severe than in Brussels or London, but still caused delays and complications for passengers. Dublin Airport reported longer queues at check-in, particularly during peak travel times.
Advice for travellers
Airports have been quick to advise passengers not to travel unless their flights have been confirmed. Brussels Airport in particular urged travellers to check with airlines before leaving home. For those whose journeys were going ahead, the airport recommended arriving two hours in advance for flights within the Schengen zone and three hours for flights outside Europe.
Even with these measures, passengers faced significant challenges. Long queues formed across terminals, many travellers reported confusion about the status of their flights, and airlines struggled to keep everyone informed.
A systemic vulnerability
Collins Aerospace confirmed that the disruption was limited to electronic check-in and baggage drop systems, and that manual operations could keep flights moving. Yet the incident has exposed the vulnerability of European aviation to cyber threats. A single attack on a technology supplier was enough to cause turmoil at multiple airports across several countries.
The attack also raises questions about the concentration of digital service providers in aviation. With a small number of companies dominating the market for check-in systems, a failure in one can have a domino effect across the continent.
Wider concerns and unanswered questions
The timing of the disruption has heightened concerns. The cyberattack came just one day after the airport in St Petersburg, Russia’s second largest city, reported that its website had been hacked. While no link has been established, the coincidence underscores the growing international dimension of cyber threats targeting critical infrastructure.
Authorities have not yet identified the source of the attack on Collins Aerospace. The company has not provided a timeline for the restoration of services, and as of Sunday evening the disruption was continuing.
Brussels Airport has already asked airlines to cancel half of the departures scheduled for Monday 22 September, citing the ongoing absence of a secure system from Collins Aerospace. Other airports are also preparing for another day of delays and queues.
For passengers the experience has been a stark reminder of how dependent modern travel is on digital infrastructure. For airports and airlines it is a wake-up call about the importance of cyber resilience and contingency planning. The weekend’s events have shown that while digital systems bring speed and efficiency, they also create vulnerabilities that can spread across borders in a matter of hours.
