Hundreds of passengers were forced to queue and missed flights after a cyber-related incident crashed systems for airline check-in at key hubs across Europe, led by London Heathrow. The disruption, which was traced to technology from Collins Aerospace, forced carriers to use manual methods and slowed airport operations in terminals across multiple cities.
What happened during the airport check-in system outage
Collins Aerospace confirmed a “cyber-related incident” that impacted components supporting airline departure control and check-in operations. A number of airports use the company’s industry-standard ARINC common-use platforms, including systems known as CUPPS and CUSS, to link desks and kiosks to airline reservation and baggage systems. If those connections fail, staff fall back to printed verification and manual bag tag creation, grinding throughput to a crawl.
Unlike air traffic control or navigation systems, these are tools that live on the passenger-facing side of airport IT. There was no risk to flight safety, but what followed in operational terms could have been measured in minutes: fewer passengers handled per hour, increasing queues and rising numbers of delays.
Extent of the disruption across Heathrow and Europe
Heathrow bore the brunt of the slowdown. According to Flightradar24, more than 130 flights were delayed by at least 20 minutes, with some cancellations reported as airlines rejiggered their schedules and crew rosters. There were also reports of disruption in Brussels and Berlin, highlighting the extent to which shared check-in infrastructure was relied upon across Europe.
The impact was airline-agnostic, affecting both full-service and low-cost carriers. Common-use systems are supposed to allow multiple airlines to share desks, kiosks and networks; but when they break down, the bottleneck seems systemwide. Airports do prepare for such contingencies, but a manual workaround cannot compete with automatic capacity during peak hours.
Heathrow said in a statement that teams were collaborating with airlines and the technology provider to restore operations. The airport urged passengers to plan extra time, and whenever possible, check in online before arriving. Guidance also advised getting there early — about three hours for long-haul flights and two hours for short ones — to account for slower desk processing.
How airports and airlines reacted to the outage
Ground teams repositioned employees for front-of-house roles, opened security lanes in some areas and gave priority to passengers with departure times in the near future, among other measures. Airlines used paper boarding passes, manually checked travel documents and timed bag acceptance with generous stops to prevent misconnection.
Operational planners, too, adapted turnarounds, adding dwell to gate times and resequencing aircraft where crews and stands allowed. Though such decisions can help restrict the operation, they are liable to create delays elsewhere when some aircraft do not make their assigned slots and others overflying duty limits — a popular “domino theory” model at big hubs.
Investigation and the broader cybersecurity context
Collins Aerospace did not disclose technical details or attribution beyond saying it was a cyber-related problem. Events of this nature tend to prompt coordination with national authorities and industry bodies – in the case of the UK, specifically the National Cyber Security Centre and Civil Aviation Authority – with information sharing via sector groups subscribed to under IATA.
An ecosystem of aviation tied to a few common-use and departure control vendors creates concentration of risk. Two recent lessons: a global IT software failure last year that crippled check-ins for multiple carriers, and another supplier breach in previous years exposing passenger data from various airlines. Neither had anything to do with flight control systems, but each underscored how supplier outages ripple through airports, gates, crew scheduling and baggage flows.
Three key areas of exposure keep coming up, experts say: flat networks that enable lateral movement after access is gained; complex patch and update dependencies across airports and airlines; and heavy reliance on legacy systems that are difficult to segregate. Resilience measures — zero trust designs, tighter network segregation and offline contingencies for core functions — can help minimize impact, but they also demand ongoing investments and cooperation with vendors.
What travelers need to know during check-in disruptions
Passengers should check their airline’s app before departing for the airport and use online check-in if possible, downloading or printing boarding passes and travel documents. Go early, pack medications and essentials in carry-on luggage, and anticipate longer waits at bag drop and document check.
Under EU261 regulations, airlines must provide care — meals and refreshments and accommodation as needed — during long delays. Compensation for cancellations varies depending on the cause; cyberattacks are often regarded as exceptional circumstances, which can restrict payouts, although duty-of-care requirements still apply. Travel insurance policies with trip disruption cover can mitigate out-of-pocket expenses.
For the moment, airports and the technology provider are focusing on full recovery plus backlog clearance. Once the systems have stabilized, the focus will shift to a forensic review — what broke, how did this particular event spread and which resiliency measures should be shored up — so that the next time a market-critical supplier comes under digital fire, check-in lines keep moving.
