European airports still disrupted as cyberattack hits check-in systems

A cyberattack on Collins Aerospace’s Muse software disrupted electronic check-in and baggage-drop at several European airports over the weekend, forcing manual processing of passengers and triggering hundreds of flight cancellations and delays. The breach affected major hubs and prompted airports to urge travelers to verify flight status as operations were gradually restored and some facilities continued to operate with manual workarounds. The attack occurred Friday night, and national cyber authorities have opened investigations as officials assess the scope and potential origins of the disruption. While employees and security experts work to restore automated systems, authorities cautioned that delays could persist into Monday and beyond in some locations.

Brussels Airport said on Sunday that the service provider was actively working to resolve the issue, but a timeline for full restoration remained unclear. In a bid to manage the disruption, Brussels asked airlines to cancel almost half of their departures on Monday, with nearly 140 of the 276 scheduled outbound flights scrapped. Brussels also urged passengers to check their flight status with their airline before arriving at the airport and to expect longer processing times at security and gates as staff shifted to manual procedures.

At London Heathrow, Britain’s busiest airport, officials indicated that the vast majority of flights were operating normally on Monday, but some check-in and boarding steps could take longer for certain flights. The airport reminded travelers to verify flight status in advance and to allow extra time when arriving for long-haul and short-haul departures. On Saturday, Heathrow reported a string of disruptions, with at least 12 flights canceled and more than 400 delayed as the systems outage cascaded across many flights in the region. Cirium, an aviation data provider, said the day’s delays were receding gradually, though the disruption persisted across some corridors.

Dublin Airport reported 13 flight cancellations by midday Sunday as the impact of the outage spread to Ireland. Terminal 1 continued to operate normally, but Terminal 2 relied on manual processing to issue baggage tags and boarding passes, creating longer queues and delays for some passengers. IT staff were being flown into Dublin and other affected airports to help implement temporary workarounds while engineers worked to restore automated check-in and bag-tag systems.

In Berlin, Germany, Berlin Brandenburg Airport (BER) said some airlines were still boarding passengers manually and there was no clear timetable for when the technical malfunction would be resolved. Monday was expected to bring significant waiting times and delays of more than an hour for some departures, a BER spokesperson said, as traffic remained heavier than usual with the return of travelers from a major weekend event.

The disruption is tied to Collins Aerospace’s Muse system, a software suite used by airlines globally to automate check-in and boarding processes. Collins Aerospace, a U.S. firm, said it was in the final stages of software updates and that the impact was limited to electronic check-in and baggage drop, which can be mitigated with manual procedures. The company added that it was actively working to restore full functionality as quickly as possible.

Officials stressed that the problem appeared to be localized to the Muse check-in and boarding workflow rather than the broader air traffic control or flight operations networks. The European Commission said it was monitoring the situation and that there were no signs the attack was widespread or severe across the continent. In the United Kingdom, the National Cyber Security Centre launched an investigation on Friday night and has said it is coordinating with Collins Aerospace, affected airports, the Department for Transport and law enforcement to understand the attack’s reach and impact.

Experts and officials have cautioned that the incident comes amid a broader pattern of cyber intrusions across critical sectors, including healthcare and manufacturing. Some analysts pointed to the possibility of Russian-linked actors behind the attack, noting that preparations and geopolitical events surrounding the incident aligned with other recent cyber activities in the region. A former British military intelligence officer said the cyberoffensive bore “all the hallmarks” of a state-sponsored operation, though investigators emphasized that attribution would require careful, evidence-based assessment.

Airport operators and airline customers alike have emphasized patient, cautious planning in the near term. Cirium’s analysis on Monday suggested a pattern of improving delays at some hubs (Heathrow and Berlin showing decreasing delays) while Brussels continued to experience excessive delays that were trending downward. In addition, BER reported a higher-than-usual traffic load due to the return of thousands of marathon runners who participated in a Sunday event, further straining capacity as disruption lingered.

Transit agencies and security authorities have reiterated to travelers the importance of staying informed through official channels, checking flight statuses, and allowing extra time for check-in and boarding until the automated systems are fully restored. With the Muse outage affecting a critical interface for passenger processing, the incident underscores how dependent modern air travel is on digital infrastructure and the potential ripple effects when a single software provider’s service is disrupted.

As the investigation progresses, officials cautioned that while some airports have begun to return to normal operations, the extent and duration of the disruption may vary by location, and travelers should prepare for continued delays and possible cancellations in the coming days until every affected system is fully back online.