Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Heathrow Cyber-Attack Disrupts Flights Across Europe
Heathrow cyber-attack on 20 September 2025 forced staff to process passengers manually and snarled operations across Europe.
The incident began on 20 September 2025 when a cyber-attack on Collins Aerospace’s check-in software knocked automated passenger processing offline, creating a backlog at London Heathrow and ripple effects at other hubs. Heathrow reported that more than 651 scheduled departures were affected, with delays averaging two to three hours and an estimated 40% backlog at peak.
Why the Heathrow cyber-attack mattered
The disruption led to at least 29 flight cancellations across Heathrow, Brussels and Berlin. British Airways largely avoided major disruption, but several carriers that rely on the affected Collins Aerospace system faced chaotic manual rebooking and long queues. Collins Aerospace said its teams were working to restore services while authorities and national cyber-defence agencies launched urgent investigations.
The tactical impact was immediate: passengers missed connections, ground crews scrambled to complete manual check-ins, and air traffic flow managers had to absorb the downstream delays. The strategic impact is broader — the episode has reignited debates about outsourcing critical airport IT, resilience planning, and the need for redundant, offline procedures.
- Key facts: Heathrow cyber-attack hit Collins Aerospace check-in software on 20 September 2025, affected 651+ departures and caused at least 29 cancellations.
- Average delays were two to three hours with a 40% backlog reported at Heathrow.
- Other affected airports included Brussels and Berlin; British Airways reported limited disruption.
Industry voices called for faster information-sharing between vendors, airports and regulators, and for mandatory resilience checks for suppliers handling passenger processing. Cybersecurity experts have also urged regular offline drills so airports can switch quickly to manual operations without cascading failures.
For travellers, the practical advice remains the same: monitor airline notifications, expect longer processing times at affected airports, and allow extra time for connections until systems are fully verified. Regulators across Europe will be watching how Collins Aerospace and airport operators shore up defenses and restore confidence in automated passenger systems.
