Travelers across Europe faced chaotic scenes over the weekend after a cyberattack crippled airport check-in systems. From London to Brussels, airlines scrambled to process passengers manually as the disruption triggered long lines, delays, and cancellations.
Story Synopsis
The incident struck on September 19–20, 2025, targeting “Muse” check-in and boarding software supplied by Collins Aerospace, an RTX subsidiary. Airports including Brussels, London Heathrow, Berlin Brandenburg, and Dublin were affected.
While flights continued, many passengers waited hours as staff hand-wrote boarding passes and manually processed baggage. The EU’s cybersecurity agency ENISA later confirmed that ransomware linked to a third-party provider was behind the disruption.
What It Means
This marks one of the most significant aviation cyber incidents in recent memory. Airport IT systems are considered “critical infrastructure,” and attacks of this scale highlight vulnerabilities in global travel networks.
For passengers, the immediate impact was lost time, missed connections, and frustration. For regulators and airlines, the event underscored the urgency of tightening defenses against ransomware groups increasingly targeting high-value sectors.
How It Works
- Target: The hack compromised Collins Aerospace’s “Muse” airport management software.
- Impact: Automated check-in kiosks, baggage drops, and boarding pass printing failed across multiple hubs.
- Response: Airports switched to manual workarounds—employees checking IDs by hand, writing boarding passes, and rerouting passengers.
- Investigation: ENISA confirmed ransomware involvement, though attribution has not yet been made public.
Why It Matters
Cybersecurity experts warn that such attacks could escalate if not addressed. Unlike delays caused by weather, IT outages spread rapidly and across borders. The aviation industry, which already operates on thin margins and tight schedules, cannot afford cascading failures.
This incident also feeds into broader EU efforts to strengthen critical infrastructure protections. New regulations such as the NIS2 Directive require more robust risk management and disclosure of cyber incidents.
What’s Next
- System restoration: Collins Aerospace is rolling out secure patches to restore the Muse platform.
- Investigations: National governments and the EU are probing whether state-sponsored actors or organized ransomware gangs are responsible.
- Policy impact: Expect increased investment in aviation cybersecurity, mandatory resilience audits, and pressure for better coordination between private vendors and airport authorities.
Tech Tidbits
- Brussels Airport was among the worst hit, with multiple flights cancelled.
- Heathrow reported delays but avoided mass cancellations by rapidly scaling manual operations.
- The Muse software is used at dozens of airports worldwide, raising concerns about global exposure.
- ENISA described the incident as “a wake-up call for European aviation security.”
Publication Details
- Incident: European airport cyberattack
- Date: September 19–21, 2025
- Locations: Brussels, London Heathrow, Berlin Brandenburg, Dublin, others
- Affected provider: Collins Aerospace (RTX)
Suggested Reading
- “European airports race to fix check-in glitch after cyberattack” — Reuters
- “Airport cyberattack disrupts more flights across Europe” — AP News
- “Delays continue at Heathrow, Brussels and Berlin airports after alleged cyber-attack” — The Guardian
- “EU agency says third-party ransomware behind airport disruptions” — Reuters
