Passengers across Europe faced another day of queues and missed connections after a cyber incident hit a key check-in and boarding system used by multiple airports.
The outage began late Friday and forced airlines at London’s Heathrow, Brussels Airport, and Berlin Brandenburg to switch to manual procedures, triggering rolling delays and a wave of cancellations through the weekend.
Airport and government officials said the disruption stems from compromised software supplied by Collins Aerospace, a unit of RTX. The product, known as MUSE, supports staffed check-in desks and linked baggage functions.
Online and self-service kiosks remained available in many terminals, which helped keep some flights moving. Investigations are ongoing and authorities have not attributed the attack to any group. Aviation safety and air traffic control were not affected.
Conditions improved on Sunday at Heathrow and Berlin as airlines cleared backlogs and rerouted staff to the counters still operating. Brussels remained the weak point.
The airport said it had asked carriers to cancel roughly half of Monday’s departures because a fully secure update to the affected system was not yet available.
Over the weekend, staff fell back on paper processes and backup laptops to keep essential flights operating, but throughput lagged normal volumes.
Airlines urged customers to check flight status before leaving for the airport, allow extra time, and use online check-in where possible. Some carriers told passengers to arrive with printed boarding passes to speed the manual screening and bag tagging at staffed desks.
The incident spotlights a familiar but stubborn risk in modern aviation, a shared reliance on a handful of third-party vendors that sit behind the counters and kiosks most passengers barely notice.
When one of those providers falters, the ripple effects can jump borders in minutes. For airports and airlines that have trimmed staffing and gate buffers to protect margins, recovery from a software outage is particularly slow.
Rebuilding a day’s worth of sequencing around crews, aircraft rotations, and slot times is a complex puzzle even when the underlying systems are running.
National cyber agencies have been assisting the vendor and affected airports, but formal findings could take time.
If the investigation confirms a breach that exploited known vulnerabilities, it would add pressure on suppliers and their customers to accelerate patching cycles and segmentation of operational technology from public networks.
Airline stocks in Europe will also be in focus given lost revenue from cancellations, rebooking costs, and potential passenger compensation under EU rules.
The weekend timing limited immediate market reaction, but carriers with heavy exposure to Brussels could see outsized moves if disruption spills into the workweek.
Still, the operational pattern so far suggests a localized shock rather than a systemwide failure. Heathrow and Berlin reported measurable improvement by Sunday, which could help temper investor concerns about a prolonged drag on yields and unit costs.
While airports and airlines have increased spending on cyber defenses, this episode underscores how attackers can create outsized pain by targeting a vendor’s software rather than a single airline.
If Brussels can restore full electronic check-in and baggage drop, the immediate revenue and reputational damage may be contained.
If not, pressure will rise on airlines to trim schedules, and on the vendor to provide clear timelines and technical detail.
