Introduction
On 20 September 2025, a cyber attack on Heathrow Airport — the UK’s busiest hub — brought check-in and boarding systems to a standstill. The disruption spread across Europe, affecting Brussels, Berlin, Dublin, and Cork.
The attack targeted Collins Aerospace’s MUSE system (Multi-User System Environment), used by many airlines for passenger processing. While air traffic control and flight safety were never compromised, passenger services were crippled, forcing airports to revert to manual check-in, baggage tagging, and boarding.
This article is a complete resource, combining:
• A full analysis of the incident, impact, and expert reactions.
• A live update tracker (Days 2–3 and beyond) for the latest developments.
Timeline of Events
• Morning, 20 Sept: Airlines report outages in check-in and baggage systems.
• Midday: Heathrow and Brussels confirm switch to manual operations.
• Afternoon: Hundreds of flights delayed; cancellations begin to rise.
• Evening: Collins Aerospace identified as the source of the software disruption.
• Night: Heathrow cancels at least a dozen flights; passengers warned of continued chaos.
How Heathrow Was Affected
• Delays: More than 600 flights disrupted on the first day.
• Cancellations: At least a dozen outright; knock-on cancellations continued.
• Queues: Reports of 3-hour waits at check-in counters.
• Knock-on effects: Crew rescheduling issues, baggage mishandling, and missed connections.
European Impact
• Brussels: Dozens of cancellations; reduced departure schedule announced for Day 2.
• Berlin: Manual fallback procedures in use; moderate delays.
• Dublin & Cork: Regional disruption affecting UK and EU flights.
Passenger Experience
• Families stranded overnight, with limited hotel availability.
• Photos on social media showed queues snaking through terminals.
• Frustration grew as passengers struggled with missed connections.
• Manual baggage handling led to misplaced luggage.
Why Collins Aerospace?
Collins Aerospace, a subsidiary of RTX, provides IT services critical to aviation. The MUSE software is widely used, making it a high-value cyber target.
By hitting one vendor, attackers caused disruption across multiple airports simultaneously — classic “single point of failure” exploitation.
Expert Analysis
• Cybersecurity: Analysts call this a “wake-up call” for aviation IT, warning about reliance on third-party vendors.
• Aviation authorities: Reassured passengers that flight safety was never compromised.
• Passenger rights groups: Emphasised that under UK/EU law, airlines remain liable for refunds and rebookings.
Financial Fallout
• Airlines: Tens of millions lost in refunds and rebookings.
• Heathrow: Lost retail, parking, and operations revenue.
• Collins Aerospace: Faces reputational damage and possible lawsuits.
Live Updates
Day 2 – 21 September 2025
• Flights today: [Insert latest figures once confirmed]
• Delays: Average delays of [XX minutes/hours].
• Airlines update:
• British Airways: minimal disruption (separate systems).
• Lufthansa / Aer Lingus: significant delays, some cancellations.
• Queues: Terminals 2 & 5 reported as worst affected.
• Heathrow statement: “Systems are stabilising, but disruption will continue through Sunday. Passengers should check with their airline.”
• Government response: UK Transport Secretary: “We are monitoring progress closely. Passenger disruption remains significant but systems are gradually being restored.”
Day 3 – 22 September 2025
• Collins Aerospace statement: “We are working round the clock to restore MUSE functionality across affected airports.”
• Investigation update: Cybersecurity sources suggest similarities to ransomware attacks used by organised criminal groups. No public attribution yet.
• Impact so far:
• Cancelled flights: [Updated figure]
• Delayed flights: [Updated figure]
• Passengers affected: Estimated [XX,000]
• Passenger rights reminder: Under EU261 and UK law, compensation applies for delays >3 hours or cancellations, regardless of cause.
Rolling Updates (Add as They Happen)
• 09:00 — Collins confirms 40% of systems restored across Europe.
• 12:30 — Heathrow warns of “residual delays” throughout the week.
• 15:00 — Reports link attack method to known ransomware group [insert name if confirmed].
What Heathrow Is Doing
• Deployed extra staff to check-in desks.
• Updated comms via airport screens and social media.
• Liaising with Collins Aerospace and UK authorities to investigate and restore systems.
Long-Term Implications
1. Regulatory action likely on third-party aviation IT providers.
2. Redundancy systems needed — airports cannot rely on single vendor platforms.
3. Cybersecurity cooperation between airports and governments will increase.
4. Passenger trust may take time to rebuild.
FAQs
Q: Was flight safety affected?
No. Air traffic control and navigation were not compromised.
Q: Who is responsible?
No group has claimed responsibility yet. Investigations ongoing.
Q: Which airports were hit?
Heathrow, Brussels, Berlin, Dublin, and Cork among the worst affected.
Q: Will I be compensated?
Yes. Airlines must provide refunds, rebooking, or cash compensation under UK/EU law.
Q: Is passenger data safe?
Authorities have not confirmed if personal data was accessed.
Conclusion
The Heathrow cyber attack shows how digital disruption can ground the aviation industry as effectively as bad weather.
It was not flight safety but passenger systems that collapsed, proving that modern airports are only as strong as their weakest IT vendor.
As systems come back online, the lesson is clear: cybersecurity is as vital to aviation as runways and radar.
To Read More; Click here