Travelers across Europe found themselves in a state of confusion and frustration over the weekend as a ransomware attack on a key airport software provider rippled through some of the continent’s busiest air hubs. The incident, confirmed by the European Union Agency for Cybersecurity (ENISA) on Monday, exposed the aviation sector’s vulnerability to cyber threats that stem from reliance on a handful of third-party vendors—a risk that experts say is only growing more acute.
The trouble began late Friday, September 19, when Collins Aerospace, a North Carolina-based aviation technology company, was struck by a ransomware attack targeting its MUSE check-in and boarding software. The impact was immediate and widespread. According to ENISA, the attack disrupted operations at major airports including London’s Heathrow, Brussels, and Berlin, causing long queues, significant delays, and flight cancellations. Some airlines were forced to revert to manual boarding procedures, a throwback that only underscored the modern industry’s dependence on digital systems.
Brussels Airport, in a message posted on X (formerly Twitter) Sunday, confirmed that the attack had occurred late Friday and that the fallout continued into Monday, September 22. “Disrupted airport operations also on Monday 22 September, causing flight delays and cancellations. Check the status of your flight before coming to the airport,” the airport advised. On its website, Brussels Airport added, “The service provider is actively working on the issue and trying to resolve the problem as quickly as possible. At the moment, it is still unclear when the issue will be resolved.” Passengers were urged to check their flight status, use online check-in, and only come to the airport if their flight was confirmed—arriving two hours before Schengen flights and three hours before non-Schengen departures.
Heathrow Airport echoed the advice, posting on Monday: “We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.” The airport recommended that passengers check their flight status before heading to Heathrow and arrive no earlier than three hours before long-haul flights or two hours before short-haul journeys. The disruptions at Berlin mirrored those at the other affected airports, with passengers facing uncertainty and extended wait times.
The European Union Agency for Cybersecurity (ENISA) provided some reassurance, stating, “The type of ransomware has been identified, and law enforcement is investigating.” But for travelers caught in the chaos, that was cold comfort. The attack drew immediate attention from national authorities as well. The UK’s National Cyber Security Centre (NCSC) said in a statement Saturday, “We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident.” The NCSC urged all organizations to utilize its free guidance and tools to bolster cyber defenses and reduce the risk of future attacks.
The incident at Collins Aerospace is only the latest in a string of cyber-related disruptions to hit the transportation and manufacturing sectors in 2025. According to Industrial Cyber, one of Russia’s busiest airports, Pulkovo in St. Petersburg, reported on Friday that its website had been taken offline in a cyberattack. However, the airport emphasized that check-in and flight operations were proceeding as usual, and specialists were working to restore online services. The airport did not disclose further details about the attack or whether other parts of its digital infrastructure had been affected.
Elsewhere in Russia, Siberian regional airline KrasAvia reported a system failure on the same day, which it said resembled a previous outage experienced by national carrier Aeroflot in July. While KrasAvia did not confirm a cyberattack, the similarity to the earlier incident raised suspicions among observers and local media.
The aviation sector has not been alone in facing such challenges. The UK government and the automotive industry have also been grappling with the fallout from cyberattacks. In September, a major incident forced automaker Jaguar Land Rover to pause production, disrupting the wider automotive supply chain. The Department for Business and Trade (DBT) and the Society of Motor Manufacturers and Traders (SMMT) issued a joint statement after meeting with suppliers: “The Government, including government cyber experts, are in contact with the company to support the task of restoring production operations, and are working closely with JLR to understand any impacts on the supply chain.” The statement continued, “This allowed us to listen to suppliers directly and understand the challenges and concerns they are facing.”
These recent disruptions have amplified calls for greater cybersecurity resilience across industries that depend on a small number of technology providers. Cody Barrow, CEO at EclecticIQ, told Industrial Cyber, “This attack is a clear reminder of how fragile aviation operations can be when critical systems depend on a handful of third-party providers. By targeting a single vendor, attackers were able to disrupt airports across multiple countries, a textbook example of supply chain risk in action.” Barrow stressed that although the aviation sector has invested heavily in safety, cybersecurity has lagged behind. “Operators and regulators need to ensure that essential systems can continue to function even when vendors are compromised. That means building redundancy, running realistic contingency exercises, and ensuring threat intelligence flows quickly between partners. We should expect incidents like this to become more frequent, and the sector must treat cyber resilience with the same urgency as physical safety.”
Recent history has shown just how costly and disruptive a single point of failure can be. The Collins Aerospace incident has drawn comparisons to the 2024 CrowdStrike Holdings software debacle, where a botched update crashed millions of devices and halted operations at airlines, banks, and emergency services, causing financial losses estimated in the billions. Other notable events include recent outages and cyberattacks at Alaska Air Group and the March 2025 electrical substation fire at Heathrow, which forced the closure of the airport for more than 16 hours and resulted in the cancellation of over 1,300 flights.
As airlines and airports scramble to recover from the latest disruptions, the message from authorities and industry leaders is clear: the threat of cyberattacks is not going away, and the consequences of inadequate preparation can be severe. Passengers, meanwhile, are left to navigate the immediate fallout—checking flight statuses obsessively, bracing for long lines, and hoping that their travel plans won’t be derailed by the next digital crisis.
For now, the aviation sector’s digital vulnerabilities are on full display, serving as a stark reminder that in an age of interconnected systems, the weakest link can bring the whole operation to a grinding halt.