Travelers will wait at Terminal 4 at Heathrow Airport on September 20, 2025 after major European airports, including Brussels, Berlin and London’s Heathrow, suffered “cyber-related chaos.”
Justin Talis | AFP | Getty Images
The disruption at some European airports continued on Sunday’s second day after Collins Aerospace, a check-in technology company targeting cyberattacks.
Heathrow, the UK’s largest airport, was among those affected along with airports in Berlin and Brussels.
On Sunday, Brussels Airport asked airlines to cancel half of their scheduled departure flights on Monday as the check-in system issues remained resolved.
An airport spokesman said Collins Aerospace, the system’s provider, has yet to provide a secure updated version of the software needed to restore its full functionality.
what happened?
Collins Aerospace “provides check-in and boarding systems to multiple airlines across multiple airports around the world,” Heathrow Airport said in a post on X Saturday.
Collins’ parent company RTXIn a statement to Reuters, it said it was aware of “cyber-related disruption” over its muse software.
“This impact is limited to electronic customers check-in and baggage drops, and can be mitigated through manual check-in operations,” RTX, formerly Raytheon Technologies, said in a statement emailed to Reuters. It added that it is trying to resolve the issue as soon as possible.
CNBC has contacted RTX for comments and is waiting for a response.
Which airports are affected?
Aviation Analytics Provider Cirium told CNBC so far on Sunday, 38 departures and 33 arrivals had been cancelled at Heathrow, Berlin and Brussels as of 10am London time.
On Saturday, 35 departures and 25 arrivals were cancelled. Brussels saw the most flight cancellations in the 15.
All three airports issued an updated statement on Sunday.
Heathrow said it is working on “resolving and recovering” following Collins’ suspension, which affected check-in.
Passengers are waiting at Brussels airport as European airports experience disruption due to a cyberattack on check-in and boarding systems in Brussels, Belgium on September 20, 2025.
Anadoru | Anadoru | Getty Images
“I apologize to those facing delays, but working with the airlines has kept the majority of flights up and running.
Brussels said on its website on Sunday that the cyberattacks “has had a major impact on flight schedules and unfortunately caused flight delays and cancellations.” We advised travelers to check their flight status before departing for the airport.
Berlin warned travelers for a long wait due to “system outages at service providers.”
Dublin Airport was also affected, but said he hopes to operate a full schedule on Sunday.
“Some airlines in Terminal 2 continue to generate bag tags and boarding passes using manual workarounds, which means the check-in and bag drop process can take a little longer than usual,” the airport said on X.
Latest cyberattack row
The Collins Aerospace Attack is the latest in a series of famous cybersecurity breaches that made headlines.
Jaguar Land Rover said last week it has extended its production suspension until September 24th following the cyberattack. “The decision has been made that forensic investigation into cyber incidents will continue, and considering the various stages of the controlled reopening of its long-consuming global business, the company said in a statement.
British retailer Marks & Spencer said earlier this year that a recent cyber attack caused the food shelf to bare and halt online sales, but that it would wipe out almost a third of its annual profits.
However, Charlotte Wilson, the enterprise head of cybersecurity firm Checkpoint, noted that it is a particularly target for cybercriminals given the aviation industry’s reliance on shared digital systems.
“These attacks often clash through the supply chain, leveraging third-party platforms that are used by multiple airlines and airports at once,” she said in an emailed statement. “If one vendor is compromised, the ripple effect can be immediate and widespread, causing widespread disruption across borders.”
To improve resilience, she said the airline needs to ensure that the software system is updated regularly and a well-tested backup system in place. She also called for better information sharing between technology providers, airlines and governments.
“Cyberattacks rarely stop at borders, so the more one country can identify and report an attack, the more quickly the other countries can take action to contain it,” she said. “Combined defenses are much more effective than siloed responses.”
