Cyber-attack causes delays at Heathrow and other European airports
Several European airports, including Heathrow, have been struck by a cyber-attack affecting electronic check-in and baggage control systems. Heathrow has been warned of delays as a result of a technical issue impacting Collins Aerospace’s software used by many airlines. On Friday night, the cyber-attack forced passengers to be checked in and boarded manually, according to Brussels Airport, while Berlin Brandenburg Airport also reported longer waiting times due to the disruption. RTX, the parent company of Collins Aerospace, confirmed it was aware of a cyber-related issue at several airports and that it was responding as swiftly as possible.
The effect is limited to electronic customer check-in and baggage drop, and can be mitigated by manual procedures, the company explained.
The attack targeted the Muse software, which allows multiple airlines to share check-in desks and boarding gates rather than requiring dedicated facilities, the airline reported. The BBC confirmed that British Airways was operating normally using a back-up system, though most other airlines at Heathrow were affected. Hundreds of flights were delayed throughout Saturday, according to the flight tracker FlightAware. Lucy Spencer, a passenger, said she had been waiting for more than two hours to check in for a Malaysia Airlines flight, with staff manually tagging luggage and checking passengers in over the phone.
“They told us to use the boarding passes on our phones, but when we got to the gates, they weren’t working. We were then directed back to the check-in desk,” she told the BBC from Heathrow’s Terminal 4, adding that hundreds of people were queuing. Another passenger, Monazza Aslam, reported being stuck on the tarmac for over an hour, missing her onward connection at Doha, and having “no idea” when her flight would depart.
“I’ve been at Heathrow with my elderly parents since 05:00,” she said, adding, “We are hungry and exhausted.”
By contrast, Luke Agger-Joynes noted that although queues at Terminal 3 were much longer than usual, his US-bound airline and the airport were running on time. “The queues were moving much faster than I expected, and staff were calling out specific flights and pulling people from the line to make sure they didn’t miss departures,” he said.
To minimise disruption, Heathrow confirmed that additional staff had been deployed to check-in areas. Passengers were advised to confirm their flight status with airlines before travelling and to arrive no later than three hours before long-haul flights or two hours before domestic services. Transport Secretary Heidi Alexander said she was aware of the incident, was receiving regular updates, and was monitoring the situation closely.
Both EasyJet and Ryanair – Europe’s two largest airlines, though neither operates from Heathrow – confirmed their flights were unaffected. Brussels Airport, however, warned of “significant impact” on its schedules, including cancellations and delays. On Saturday morning, long queues and large crowds were seen at the airport. According to Eurocontrol, Europe’s joint aviation safety body, airlines were asked to cancel half their flights to and from Brussels between 04:00 GMT on Saturday and 02:00 on Monday. Dublin Airport was also affected, reporting similar issues. Its Terminal 2 was evacuated as a safety precaution, though the reason for the evacuation has not been disclosed.
Travel journalist Simon Calder said any disruption at Heathrow was “potentially catastrophic,” adding: “Departure control is extremely complex. These systems are interconnected, so a small problem in Brussels or Berlin means passengers miss connections, flights are delayed, and crews are displaced. Things will likely get worse before they improve.”
The incident follows a global IT failure in September last year, when a software update by cybersecurity firm CrowdStrike grounded flights across the United States. Analysts at the time warned it revealed the aviation sector’s vulnerability to digital technology failures.
Although some unverified reports have claimed this latest attack was carried out by Kremlin-sponsored hackers, most large-scale cyber-attacks in recent years have been linked to criminal groups motivated by financial gain. Extortion gangs have earned hundreds of millions of pounds annually by using ransomware, demanding payments in cryptocurrency. Experts cautioned it is far too early to determine who is behind this attack. While some believe ransomware may be involved, state-sponsored actors are also known to carry out ransom-based operations. Collins Aerospace has yet to comment publicly on the origin of the hack.
Many cyber-crime groups are based in Russia or other former Soviet states, and some are thought to have links to Russian authorities. However, arrests have also taken place elsewhere; in recent years, British and American teenagers have been accused of carrying out major cyber-attacks on targets including Las Vegas casinos, Marks & Spencer, the Co-op, and Transport for London.
