Major European airports faced significant operational turmoil recently after a sophisticated cyberattack targeted a crucial check-in technology provider. This unprecedented digital assault, commencing on Friday, September 19, 2025, plunged thousands of travelers into chaos, causing widespread flight delays and cancellations across key hubs like London’s Heathrow, Berlin Brandenburg, and Brussels Airport. The incident starkly underscored the aviation industry’s escalating vulnerability to cyber threats and the far-reaching impact of supply chain compromises. As investigations continue, the disruption serves as a critical wake-up call for global travel infrastructure.
Unpacking the Digital Assault on Europe’s Skies
The cyberattack specifically targeted Collins Aerospace, a vital U.S.-based technology provider. Collins Aerospace supplies the “MUSE” software, which is essential for electronic customer check-in, baggage drop, and boarding systems. This system is relied upon by numerous airlines across over 170 airports globally. When the attack hit Collins’ systems, it created an immediate ripple effect, demonstrating how a single point of failure in the digital supply chain can paralyze critical infrastructure across multiple nations.
Collins Aerospace, a subsidiary of the American aerospace and defense giant RTX (formerly Raytheon Technologies), confirmed a “cyber-related disruption” to its MUSE software. Initial assessments indicated the impact was primarily limited to automated check-in and baggage processes. However, the inability to use these electronic systems forced airports and airlines to revert to cumbersome manual operations, dramatically slowing down passenger handling and leading to inevitable congestion and frustration.
Widespread Disruption: Airports Grapple with Fallout
The cyberattack’s impact varied but was felt keenly across several European aviation gateways. On Sunday, September 21, London’s Heathrow, the UK’s largest airport, which serves over 200,000 passengers daily, was still working to “resolve and recover” from the outage. Despite efforts, many passengers experienced significant delays. Heathrow, however, managed to keep the “vast majority of flights” operating by working closely with airlines, suggesting effective contingency measures helped mitigate complete paralysis.
Brussels Airport, however, appeared to bear the brunt of the disruption. The airport confirmed a “cyberattack” on Friday, leading to 10 flight cancellations and 17 delays initially. By Sunday, the situation worsened, with 45 outbound and 30 inbound flights cancelled. Facing persistent issues, Brussels Airport proactively requested airlines to cancel up to 50% of Monday’s scheduled departing flights, highlighting the severity and prolonged nature of the system failures. A spokesperson indicated the ongoing uncertainty, stating, “We’re taking it day by day.”
Other Hubs Report Challenges and Workarounds
Berlin Brandenburg Airport also reported a “systems outage at a service provider” affecting check-in processes. While the airport managed to implement manual workarounds to largely avoid major delays, passengers were advised to expect longer waiting times. Dublin and Cork airports in Ireland reported “minor impacts” from what they described as a “Europe-wide software issue,” largely managing to operate their full schedules through manual solutions. Paris authorities, however, confirmed no outages linked to the cyberattack. The European Commission clarified that critical aviation safety and air traffic control systems remained unaffected, indicating the attack was focused on passenger handling rather than core flight operations.
Passengers caught in the disruption recounted frustrating experiences. Reports of inadequate information, unusually severe crowding, and hours-long queues for manual check-ins were common. One traveler highlighted the organizational chaos, noting the difficulty in finding clear information. These firsthand accounts underscore the direct and tangible consequences of such attacks on individual travel plans and airport efficiency.
The Growing Threat: Why Aviation is a Prime Target
This incident is not an isolated event but part of an alarming trend of increasing cyber threats targeting the global transport industry. Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, emphasized that the aviation sector is particularly vulnerable due to its heavy reliance on shared digital systems. “These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” Wilson noted. “When one vendor is compromised, the ripple effect can be immediate and far-reaching.”
Experts cite a concerning escalation in aviation cyberattacks. A report by French aerospace company Thales in June projected a staggering 600% increase in cyberattacks targeting the aviation sector between 2024 and 2025. This highlights the inherent fragility of an industry deeply intertwined with complex digital networks. Rafe Pilling, director of threat intelligence at Sophos, stressed the “fragile and interdependent nature of the digital ecosystem underpinning air travel,” calling it a “significant and very real” threat. Past incidents, like the temporary shutdown of Japan Airlines’ and American Airlines’ systems in December 2024, or a suspected sabotage attack on France’s national rail operator, further illustrate this vulnerability.
Beyond Disruption: Broader Implications
The identity of those responsible for the recent Collins Aerospace attack remains unclear, with investigations ongoing. Such widespread outages are often attributed to ransomware attacks or deliberate digital sabotage. Regardless of the perpetrator’s motive, the incident raises critical questions about preparedness, risk management, and the urgent need for enhanced cybersecurity measures across the entire transportation sector’s intricate supply chains.
Anita Mendiratta, an aviation expert, reinforced that the disruption stemmed from a software vulnerability rather than an attack on a specific airport. This distinction is crucial for understanding how to contain “contagion” and prevent wider systemic failure. The incident serves as a stark reminder that every link in the aviation chain – from airlines and airports to navigation systems and suppliers – is a potential target.
Strengthening Defenses and Navigating Future Disruptions
In light of these escalating threats, cybersecurity experts like Charlotte Wilson advocate for a multi-pronged approach to improve resilience. Aviation companies must ensure software systems are regularly updated and well-tested backup systems are in place. Furthermore, she called for better information-sharing protocols among technology providers, airlines, and governments. “Cyberattacks rarely stop at national borders, so the faster one country can identify and report an attack, the faster others can take action to contain it,” Wilson asserted. “A joined-up defense will be far more effective than siloed responses.”
For travelers, the recent cyberattack reinforces the importance of proactive measures. Always check your flight status directly with your airline or airport website before traveling. Arriving earlier than usual, especially for international flights, can help accommodate unexpected manual check-in processes. Utilizing online check-in services when available, even if facing subsequent manual bag drop, can help streamline the journey. Staying informed and prepared can significantly reduce the stress associated with such unforeseen disruptions.
Frequently Asked Questions
What caused the recent European airport cyberattack and subsequent disruptions?
The recent widespread disruptions at European airports stemmed from a cyberattack targeting Collins Aerospace, a U.S.-based technology provider. The attack specifically compromised Collins’ MUSE software, which facilitates electronic customer check-in, baggage drop, and boarding pass printing for numerous airlines globally. This digital assault on a single, crucial third-party vendor led to a domino effect across several major airports that rely on the system, forcing a switch to manual operations and causing significant delays and cancellations.
Which European airports were most affected by the cyberattack?
The cyberattack impacted several key European aviation hubs. Brussels Airport experienced the most severe disruptions, leading to substantial flight cancellations over the weekend and a request for airlines to cancel half of Monday’s scheduled flights. London’s Heathrow Airport also reported significant delays but managed to keep most flights operating through collaborative efforts. Berlin Brandenburg Airport also faced system outages, while Dublin and Cork airports in Ireland reported minor, manageable impacts, largely relying on manual workarounds.
What steps can travelers take if their flight is affected by an airport IT disruption?
If your flight is impacted by an airport IT disruption or cyberattack, the first step is to immediately check your flight status directly with your airline or on the airport’s official website before heading to the airport. Allow significantly more time for check-in and security, as manual processes will be much slower. Consider using online check-in if possible, even if a physical bag drop is still required. Stay updated through official airport and airline communications and be prepared for potential delays or cancellations.
In conclusion, the cyberattack on Collins Aerospace and the subsequent disruption at European airports serve as a stark reminder of the fragile interconnectedness of modern global travel. While manual workarounds helped prevent a complete shutdown, the incident highlights the urgent need for robust cybersecurity, resilient supply chains, and enhanced collaboration across the aviation sector and governments. As digital threats continue to evolve, investing in advanced defensive measures and fostering proactive information-sharing will be paramount to safeguarding the future of air travel and ensuring a smoother journey for millions.
