The skies over Europe, typically a symbol of seamless connectivity, were thrown into chaos on a recent Friday night as a major cyberattack crippled the digital infrastructure of several key airports. This coordinated disruption, which began on September 19, 2025, primarily targeted the check-in and baggage handling systems of Collins Aerospace, a U.S.-based aviation technology provider. The fallout was immediate and widespread, affecting major hubs like London’s Heathrow, Brussels Airport, and Berlin’s Brandenburg Airport, leading to extensive delays, flight cancellations, and significant passenger frustration.
This incident serves as a stark reminder of the fragile dependency of modern aviation on interconnected digital systems and the cascading effects a single point of failure can have on a global scale. While the attack did not compromise flight safety or air traffic control, it exposed a critical vulnerability in the industry’s reliance on third-party software providers.
The Anatomy of the Attack
The cyberattack specifically targeted Collins Aerospace’s MUSE (Multi-User System Environment) software. This platform is an essential component of modern airport operations, allowing airlines to share check-in desks, print boarding passes, and process baggage efficiently. When the system was rendered inoperable, airports were forced to revert to manual check-in procedures—a process that is significantly slower and less efficient.
The resulting scene at affected airports was a modern traveler’s nightmare. Thousands of passengers were met with long queues as airline staff meticulously hand-wrote boarding passes and baggage tags. A spokesperson for Brussels Airport described the impact as having a “large impact on the flight schedule,” while a spokesperson for Berlin Airport warned of “longer waiting times” at check-in. The chaos was further compounded by a lack of information for passengers, with many left in limbo, unsure if or when their flights would depart.
While the exact nature of the cyberattack—whether it was ransomware, a denial-of-service attack, or another form of malicious intrusion—has not been officially disclosed, experts are clear about its significance. The fact that an attack on a single software provider could cause such widespread disruption across multiple countries highlights the interconnectedness of the aviation ecosystem. It demonstrates that attackers are increasingly targeting the supply chain—the weakest link—rather than the high-security networks of the airports themselves.
The Ripple Effect: Beyond Check-In Delays
The disruption extended far beyond the check-in counters. The cascading delays created a domino effect across airline networks. Missed connections became a major issue, impacting passengers whose onward flights were not affected by the initial attack. Airlines were forced to implement contingency plans, rebooking passengers and re-routing aircraft. The incident placed immense strain on airport staff, who worked tirelessly to process passengers manually and manage the logistical challenges of a major outage.
Airlines such as Etihad Airways confirmed that their operations at affected airports were significantly slowed, and they advised passengers to arrive earlier than usual to minimize delays. For the most part, major airlines reported minimal long-term impact, but the event was a clear stress test of their operational resilience and ability to react to unforeseen crises.
The Road to Recovery and Future Implications
In the days following the attack, Collins Aerospace and its parent company, RTX, worked to resolve the issue and restore full functionality. However, the recovery was not uniform. While delays at Heathrow and Berlin eased relatively quickly, Brussels Airport remained significantly affected, even resorting to asking airlines to cancel a large number of departing flights as a precautionary measure until a “new secure version” of the check-in system could be deployed.
This incident has prompted a critical re-evaluation of cybersecurity measures within the global aviation industry. Cybersecurity experts have emphasized that the reliance on a single, centralized system creates a “single point of failure” that is highly attractive to malicious actors. The attack underscores the need for:
- Diversification of Systems: Airports and airlines should consider diversifying their technology providers to prevent a single cyberattack from bringing multiple operations to a halt.
- Enhanced Supply Chain Security: Greater scrutiny and security protocols must be applied to third-party vendors who provide mission-critical software.
- Robust Contingency Plans: The ability to switch quickly and efficiently to manual operations or alternative backup systems is paramount.
The attack, which saw no confirmed data theft, appears to have been an act of disruption rather than a financial crime. However, the motive and the perpetrator remain under investigation by authorities. The incident is a sobering reminder that as the world becomes increasingly digital, the aviation sector—and critical infrastructure in general—must prioritize cybersecurity as an integral part of its operational safety and resilience. The skies may be secure, but the ground systems that support them are still navigating a treacherous digital landscape.
