Heathrow cyberattack disrupts check-in for a second day as EU airports reel

A cyberattack that targeted Collins Aerospace's Muse software disrupted electronic check-in and baggage drop at Heathrow Airport, triggering a second day of travel disruption as hundreds of flights were delayed or cancelled. The outage began Friday and sent ripple effects across Europe, with Brussels and Berlin airports reporting delays as the system struggled to recover. Heathrow said it was actively working to resolve the outage and recover operations, while urging travelers to check flight status and plan for extra time.

Passengers arriving at Heathrow's Terminal 4 faced queues, delays and confusion over whether they would make their planned trips. Airports spokesman issued notices and travelers were advised to arrive early, with guidance posted on the airport's website. Affected flights were being processed manually where possible, and airline operations varied by terminal. British Airways, operating mainly from Terminal 5, reported fewer disruptions thanks to a backup system, but the majority of other carriers at Heathrow were affected by the outage.

Collins Aerospace confirmed it was addressing a cyber-related disruption to its Muse software, which enables electronic check-in and boarding at multiple airports. The company said the impact was limited to electronic check-in and baggage drop and could be mitigated with manual check-in operations. RTX, Collins Aerospace’s parent company, said it was aware of the disruption and was working to restore full functionality as quickly as possible.

The disruption drew scrutiny from European authorities. The National Cyber Security Centre, the UK’s public-facing arm of GCHQ, launched an investigation on Friday night and said it was coordinating with Collins Aerospace, affected UK airports, the Department for Transport and law enforcement to understand the attack's impact. The European Commission said it was monitoring the situation and that there were no signs the attack was widespread or severe. It stressed that aviation safety and air traffic control remained unaffected and that it was coordinating with EUROCONTROL, ENISA, airports and airlines to restore operations and support passengers.

Brussels Airport confirmed that an external service provider supporting check-in and boarding systems was experiencing problems, leading to disrupted operations and anticipated delays and cancellations. Berlin Airport reported longer check-in waiting times but noted that some services remained operational. Industry observers cautioned that the attack appeared to exploit the Muse software used globally for automated check-ins and boarding, with officials emphasizing the recovery would rely on a combination of restored automation and manual processing.

While investigators assess responsibility, some defense experts pointed to Russia-linked threats in the broader cyber domain and noted the incident followed a period of heightened tension in the region. Officials stressed that attribution remained uncertain and that early signs did not confirm a widespread or systemic strike on European aviation. The focus for now remains on restoring confidence in the affected systems and minimizing disruption to travelers as the investigation continues.

Travelers across the affected network are advised to monitor airline and airport updates for the latest information, pack accordingly for potential delays, and allow extra time for check-in and security when traveling in the coming days. Airlines and airports said they would continue to work with authorities to resolve the outage and restore normal operations as quickly as possible.