London Heathrow: Cyber Attacks September 2025

London Heathrow was grappling with major disruption after a cyber attack on a third-party check-in system rippled across Europe’s busiest airport last week. The sophisticated attack targeted Collins Aerospace’s MUSE platform, which forced terminals to revert to manual check-in processes, triggering long queues, widespread delays, and frustration among passengers.

A spokesperson from Heathrow said the “underlying problem was outside our influence,” but the airport had brought in extra staff to help with any disruption. On Sunday, the 21st of September, 90% of flights incurred a delay of 15 minutes or more, with the average delay being 34 minutes, highlighting Heathrow’s resilience and contingency planning in events of mass disruption. Brussels Airport had faced severe delays, with 86% of flights being delayed, ranging from 15 minutes to four hours. Around 73% of flights at Berlin Brandenburg were delayed on Sunday. Delays and cancellations are still being issues way into today, Monday, the 22nd of September.

There is no confirmation of who carried out the attacks yet, with some experts pointing to state-sponsored actors, but with no hard evidence. While the software (MUSE) is at the centre of the cyber attack, it is unclear whether the compromise is due to ransomware, a supply chain vulnerability, a software bug, or targeted sabotage. Beyond delays and cancellations, the long-term operational, financial, and reputational damage is unclear.

Many airports around the world still rely on decade-old technology, and with this recent attack, it highlights the need for improvement and a higher level of cyber resilience. Many systems in use today were first developed long before cyber resilience became a core design principle, often patched and expanded rather than redesigned from the ground up. This leaves critical platforms such as check-in, boarding, and baggage drop inherently fragile and centralised, difficult to modernise, and reliant on a small number of vendors. The Heathrow, Brussels, and Berlin cyber attacks underscore how quickly a single point of failure can ripple through entire operations, bringing passenger flows to a standstill and forcing airlines back to manual processes.

The cyberattack on Heathrow has served as a stark reminder that aviation’s digital backbone is only as strong as its most outdated link. As airports and airlines move deeper into an era shaped by artificial intelligence and increasing passenger demand, investing in resilient, future-proof systems is no longer optional; it is essential for safeguarding both operations and passenger trust.