3 hours ago
6
Flights have been delayed and cancelled at three major European airports – including London’s largest, Heathrow – after the company behind the software used for check-in and boarding said it was hit by a cyber-attack.
Airports in Brussels and Berlin are also experiencing delays and disruption after the issue affecting Collins Aerospace, which works for several airlines at airports across the world.
The attack has raised concerns about the robustness of the systems underpinning critical infrastructure, with a prominent cybersecurity expert suggesting the disruption could theoretically spread to more airports. The transport secretary, Heidi Alexander, has said she is being kept informed.
“I’m aware of an incident affecting airline check-in and boarding, impacting flights at Heathrow and other European airports,” said Alexander. “I’m getting regular updates and monitoring the situation. If you’re flying at Heathrow today, check with your airline before travelling.”
The attack has affected Collins’ Muse software. The company is a subsidiary of RTX, which advises other firms on cybersecurity, as well as providing services supporting military operations.
Heathrow said passengers should check their flight status before travelling, and asked them not to arrive any earlier than three hours before a longhaul flight, or two hours before a domestic one.
Brussels airport said the attack happened on Friday night and it meant the check-in and boarding processes could only be handled manually. It said the problem was in Collins’ hands, adding: “This has a large impact on the flight schedule and will unfortunately cause delays and cancellations of flights.” The airport advised passengers to check their flight status with their airline and only travel to the airport if their flight was confirmed.
Berlin airport said: “Due to a technical issue at a system provider operating across Europe, there are longer waiting times at check-in. We are working on a quick solution.”
Collins Aerospace said: “We have become aware of a cyber-related disruption to our Muse software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible.
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations. We will share more details as they are available.”
Prof Alan Woodword, a professor of cybersecurity at the University of Surrey, said the incident raised serious questions over why the airports appear to be reliant on Collins to fix the issue with Muse.
This suggested control of the system was probably centralised. Were Collins forced to close it off to allow it to deal with the problem, he said, the “disruption’s going to be enormous”.
Woodword also questioned why, given Muse is used in airports across Europe, only three had been affected. He said that, if the system was indeed centralised, this left open the possibility the attackers had so far picked only some of the airports they could target.
Maria Casey, from Aldershot in Hampshire, was on her way to a two-week backpacking holiday in Krabi, southern Thailand, flying through Abu Dhabi. But her Etihad flight departing at 9.30am was delayed and she ended up queueing for three hours because baggage check-in had to be done manually with luggage tags written by hand.
“Only two desks were staffed, which is why we were cheesed off,” she told the PA news agency. “Didn’t know then it was a cyber-attack until four hours later.”
