European airports hit by cyber attack on check-in provider
Heathrow, Brussels and Berlin suffer delays and cancellations after Collins Aerospace is targeted
Airports including London’s Heathrow, Berlin Brandenburg and Brussels reported flight delays and cancellations on Saturday after a cyber attack on the company providing check-in technology.
Heathrow said that Collins Aerospace, “which provides check-in and boarding systems for several airlines across multiple airports globally, is experiencing a technical issue that may cause delays for departing passengers”.
The airport, which shut down for 24 hours in March because of a fire at an electricity substation, advised passengers to check their flights before travelling to Heathrow, and not to arrive more than three hours before their scheduled departure for long-haul flights or two hours for shorter trips.
Around a dozen inbound flights were cancelled, and a similar number of outbound flights were also affected, a spokesperson said.
British Airways, the largest airline at Heathrow, said it was not affected because it had a backup system that allowed it to continue processing customers. Gatwick and Luton airports were not affected.
Brussels Airport said that 17 flights had been cancelled and four diverted after it was forced to manually enter details for passengers who checked in at the airport, or had hold luggage. It asked airlines to cancel half their scheduled departure flights on Sunday.
“There was a cyber attack on Friday night, 19 September against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport,” the airport said. “This means that at the moment only manual check-in and boarding is possible.”
Berlin Airport said it was experiencing longer wait times for customers checking in.
RTX, the US aerospace and defence company that owns Collins, said: “We have become aware of a cyber-related disruption to our MUSE software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”
It added: “The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations.”
The breach appears to be the second such attack on the group.
In 2023, the names, addresses and contact details of pilots and other staff affiliated with Collins’ partner companies were allegedly leaked following an attack claimed by ransomware group BianLian.