Heathrow says a third-party vendor that provides check-in and baggage handling systems at Europe’s busiest airport has made significant progress in fixing a major software outage that forced airlines to revert to time-consuming manual processes after falling victim to a cyber attack on Friday night.
The cyber attack affected Brussels, Berlin Brandenburg, and Dublin Airport, along with London Heathrow Airport, delaying tens of thousands of passengers as airlines struggled to manually process customers.
While Heathrow remains optimistic that the software will be back up and running, Brussels Airlines has ordered airlines to slash around 50% of planned departures on September 21, to prevent overcrowding in the terminals.
The faulty check-in system is known as MUSE and is owned by Collins Aerospace, a US-based aerospace company that provides a vast array of services to the aviation industry, including cockpit systems and air traffic control technology.
MUSE not only handles core check-in functions, but also baggage handling, boarding processes, and several other systems.
At London Heathrow, the MUSE software is one of two major check-in systems that airlines use. The rival software, called Amadeus, was not affected by Friday night’s outage, meaning that major carriers like British Airways have not been impacted.
Late on Saturday, Heathrow reported that Collins Aerospace had managed to clear domain controller corruption that was causing the outage and was running final antivirus testing before opening up the MUSE system for testing by airlines.
The airport is, however, still preparing contingency plans should there be further problems with plans in place to limit access to terminals. Although some flight delays are currently expected, the airport is not anticipating a significant number of cancellations.
Europe’s airspace coordination service, Eurocontrol, said that Brussels Airport had asked airlines to cancel half of all planned departures until 2 am on September 22. Brussels was the only affected airport to have requested widespread cancellations to manage the disruption.
Who is behind the cyber attack?
No group has yet claimed responsibility for the attack on Collins Aerospace, although there are some claims that Russia might be behind the outage. These claims are, however, unsubstantiated.
In the last couple of years, multiple airlines and airports have been targeted by loosely affiliated criminal cyber groups such as Scattered Spider and Rhysida, who carry out attacks for monetary reward rather than political motives.
Last August, Seattle-Tacoma Airport had its check-in and baggage handling systems hacked and taken offline as part of an extortion campaign. The Port of Seattle refused to pay the ransom, and the disruption lasted for more than a week.
Will delayed passengers be entitled to compensation?
Under Europe’s delayed passenger regulations, known as EU-261, passengers are entitled to compensation of up to €600 per person if they are delayed by three hours or more in reaching their final destination.
The rules apply to all departures from and arrivals into the European Union, regardless of where the airline the passenger is flying is based.
These compensation rules are designed to hold airlines accountable for problems that are considered to be within their control, although its a little bit of a gray area as to whether the outage of a third-party system is within an airline’s control.
Generally speaking, however, cyber attacks and third-party vendor issues have been deemed by the courts to be an ‘extraordinary circumstance’ which is outside the control of the airlines. Therefore, compensation is not payable.
Airlines still have a duty to look after passengers
Even if the MUSE software outage is deemed to be an ‘extraordinary circumstance,’ European passenger rights regulations still require airlines to look after passengers who face significant delays – the so-called ‘duty of care’ rules.
Passengers are entitled to:
- Refreshments or meal and drink vouchers.
- Hotel accommodation for overnight delays.
- Transport to and from the hotel.
- A free phone call so that passengers can contact loved ones.
