Sep 22, 2025 12:09:00

Hundreds of thousands of passengers at Heathrow and Berlin airports faced flight delays and cancellations due to a cyber attack on check-in system vendor Collins Aerospace

Collins Aerospace , an aviation and defense technology company that provides check-in desk technology to several airlines, was hit by a cyber attack, causing flight delays at multiple airports from the evening of September 19, 2025. Hundreds of thousands of passengers faced flight delays at London Heathrow Airport and Berlin Airport on September 21 local time.

Disruption continues at Heathrow, Brussels and Berlin airports after cyber-attack | Airline industry | The Guardian
https://www.theguardian.com/business/2025/sep/21/delays-continue-at-heathrow-brussels-and-berlin-airports-after-alleged-cyber-attack

Heathrow flights delayed and canceled as cyber-attack hits European airports | Heathrow airport | The Guardian
https://www.theguardian.com/uk-news/2025/sep/20/heathrow-airport-delays-cyber-attack-berlin-brussels-cancelled-delays

Hundreds of flights delayed at Heathrow and other airports after apparent cyberattack | TechCrunch
https://techcrunch.com/2025/09/21/hundreds-of-flights-delayed-at-heathrow-and-other-airports-after-apparent-cyberattack/

Collins Aerospace is an aviation technology company that provides check-in systems for multiple airlines at airports around the world. On September 20, 2025 local time, Collins Aerospace announced that its passenger processing system, MUSE , used for electronic customer check-in and baggage drop-off, had been affected by a cyberattack. The company explained that it is 'actively working to resolve the issue and strive to restore full functionality as quickly as possible.'

UK Transport Minister Heidi Alexander said, 'We are aware of issues affecting airline check-in and boarding at Heathrow and other European airports.' 'We are receiving regular updates and are closely monitoring the situation. Anyone due to fly at Heathrow today should check with their airline before travelling,' she said, revealing that the cyber attack on Collins Aerospace has affected multiple airports.

On September 21, 2025 local time, Belgium's

Brussels Airport asked airlines to cancel half of their flights scheduled to depart on Monday. Brussels Airport explained that the reason for the cancellations was that 'Collins Aerospace has not been able to provide a new, secure version of its check-in system,' and acknowledged that a cyberattack had occurred.

Brussels Airport is urging passengers to check the status of their flights before traveling, and to arrive at the airport at least three hours before departure for long-haul flights and two hours before departure for short-haul flights. Airlines could manually check in passengers.

According to data company Flightradar24 , 90% of the more than 350 flights at Heathrow Airport were delayed by 15 minutes or more. After the cyberattack was discovered, 13 flights were canceled on September 21, and six flights were canceled by 3 p.m. on September 22. The average delay at Heathrow was 34 minutes, according to The Guardian.

A Heathrow spokesperson said the 'underlying issues are beyond our control,' but added that extra airport staff had been deployed to deal with the disruption. However, Heathrow has not ordered flights to be cancelled on September 22, and most flights are expected to operate.

Heathrow Airport also said: 'Check-in was affected by an issue with Collins Aerospace's aviation systems on Friday, and work is ongoing to resolve it. We apologise to customers for any delays caused. However, by working with airlines, the vast majority of flights continue to operate.'

At Brussels International Airport, 86% of all flights were delayed by 3:00 PM on September 21, with delay times ranging from 15 minutes to four hours. Brussels International Airport also announced that 15% of scheduled flights would be canceled on September 20 and 21, with an airport spokesperson revealing that 25 out of 234 flights were canceled on September 20 and 50 out of 257 flights were canceled on September 21.

At Berlin Airport, 73% of the approximately 200 flights were delayed. The airport explained on its website that the reason for the delays was 'a system failure with our service provider, which is causing extended waiting times. Please use online check-in, self-service check-in, or fast bag drop services.'

Dublin Airport was also affected by the cyber attack, with most flights delayed over the weekend of the third week of September.

The UK's National Cyber Security Centre also said it was working with Collins Aerospace, UK airports and law enforcement to assess the impact of the incident.

Alan Woodward, a cybersecurity professor at the University of Surrey, questioned why only a few European airports were affected by the attack, even though MUSE is used in airports across Europe. 'If MUSE was centrally managed, the attackers could have affected airports other than the one targeted by the attack,' he said.

In August 2025, the UK car manufacturer Jaguar Land Rover halted car production for three weeks due to a cyberattack, and in early 2025, the UK's largest retailer, Marks & Spencer , also suffered a cyberattack.