Chaos gripped several of Europe’s busiest airports this weekend as a cyberattack crippled check-in and baggage systems, leaving thousands of travelers stranded in snaking queues and airlines scrambling for solutions. The disruption, which began late Friday, September 19, 2025, targeted the Muse software provided by Collins Aerospace—a subsidiary of U.S.-based RTX—used by multiple airlines to manage shared check-in desks and boarding gates. The ripple effect was immediate and far-reaching, with major airports like Heathrow, Brussels, and Berlin at the epicenter of the crisis.
According to The Independent, the attack forced airlines to revert to manual check-in processes, resulting in hours-long lines and widespread confusion. Passengers at Heathrow’s Terminal 4 recounted queuing for more than two hours, only to find their digital boarding passes rendered useless. One traveler told the BBC, “We’ve been here since 5 a.m. with no idea when we will fly.” The sense of uncertainty was echoed by many, as families and elderly passengers struggled to find information about their flights.
Heathrow Airport, the UK’s largest, quickly deployed extra staff to help manage the swelling crowds and issued repeated apologies. “We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” Heathrow said in a statement on X, as reported by CNBC. The airport emphasized that most flights were still running and urged travelers to check their flight status before leaving home, advising against arriving earlier than the recommended check-in time—three hours for long-haul and two for short-haul flights.
Brussels Airport, meanwhile, faced even grimmer prospects. By Sunday morning, September 21, 2025, spokesperson Ihsane Chioua Lekhli confirmed to the Associated Press that check-in desks—not self-service kiosks—remained out of commission. Staff resorted to backup systems and laptops to process passengers, but the airport still asked airlines to cancel about 140 departing flights scheduled for Monday, September 22. Despite these setbacks, Brussels managed to maintain 85% of its weekend departures, though the airport’s website warned of “a large impact on the flight schedule and unfortunately causes delays and cancellations of flights.”
Berlin Brandenburg Airport also reported extended waiting times due to what it described as a “systems outage at a service provider,” while Dublin and Cork airports experienced minor disruptions but largely maintained their flight schedules. Dublin Airport acknowledged the technical issues but expected a full schedule on Sunday, with some airlines in Terminal 2 continuing to use manual workarounds to generate bag tags and boarding passes, leading to slightly longer processing times.
The European Commission moved quickly to reassure the public, stating that aviation safety and air traffic control were not affected by the attack. “There is no evidence of a widespread or severe attack,” the Commission said, while confirming that it was monitoring the situation closely. Eurocontrol, Europe’s aviation safety organization, took the additional step of asking airlines at Brussels Airport to cancel half of scheduled flights between Saturday morning and early Monday to manage the disruption.
RTX, the parent company of Collins Aerospace, acknowledged the “cyber-related disruption” to its Muse software and said it was working to resolve the issue as quickly as possible. However, the company did not specify the cause of the problem or provide an estimate for when normal operations might resume. “The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX said in a statement to Reuters.
As airlines and passengers grappled with the fallout, speculation swirled about the origins of the attack. Some, including Liberal Democrat MP Calum Miller, called for the UK government to urgently determine whether Russia was behind the breach, citing recent Russian drone incursions into Polish airspace as cause for concern. “The government needs to urgently establish if Vladimir Putin is now attacking our cyber systems,” Miller said. However, cybersecurity experts and the European Commission stressed that there was currently no evidence implicating Russia. As The Independent pointed out, most large-scale hacks in recent years—including a massive attack on British retailer Marks & Spencer earlier this year—have been attributed to criminal gangs seeking ransom payments. While some of these groups operate out of Russia, many are based elsewhere.
Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, told CNBC that the aviation industry’s reliance on shared digital systems makes it an attractive target for cybercriminals. “These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” Wilson explained. “When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.” She emphasized the need for regular software updates, robust backup systems, and improved information-sharing between technology providers, airlines, and governments. “Cyberattacks rarely stop at national borders, so the faster one country can identify and report an attack, the faster others can take action to contain it. A joined-up defence will be far more effective than siloed responses.”
Vykintas Maknickas, CEO of NordVPN’s travel eSIM app Saily, echoed these concerns, noting that “this attack is a prime example of the supply-chain risks facing the aviation industry.” Maknickas warned that without viable digital backups, incidents like this one “will not be the last.” He added, “Travel runs on trust that systems will work, flights will depart, and bags will arrive. Every cyber outage erodes that confidence. Rebuilding it requires transparency, accountability, and visible investment in resilience.”
The weekend’s events have left airlines and passengers alike demanding answers. Airlines were reportedly “furious,” according to The Independent, as they bore the brunt of rebooking disrupted travelers and arranging food and accommodation. The knock-on effects rippled out to other major European hubs, including Paris, Lisbon, and Amsterdam, complicating travel plans for countless passengers.
This incident comes just over a year after a faulty update from cyber firm Crowdstrike triggered a global IT crash that grounded flights across the United States, underscoring aviation’s vulnerability to digital disruption. The growing frequency of such attacks—Jaguar Land Rover and Marks & Spencer have both suffered major breaches in recent months—has prompted renewed calls for the aviation sector to rethink its approach to cybersecurity. As Maknickas put it, “Aviation has long avoided single points of failure in its physical infrastructure, like multiple runways, backup power, redundant comms. The same philosophy must be applied to their digital strategies.”
As airports slowly recover and investigations continue, one thing is clear: the digital age has brought both unprecedented convenience and new forms of risk to global travel. The aviation industry now faces a stark choice—invest in resilience, or risk repeating the chaos of this weekend’s cyberattack.