Travelers across Europe faced a weekend of frustration and uncertainty as a major cyberattack on Collins Aerospace, a leading provider of airport check-in and boarding systems, disrupted operations at several of the continent’s busiest airports. The attack, which began on Friday night, September 19, 2025, quickly cascaded through electronic check-in, baggage handling, and boarding systems, causing widespread delays, cancellations, and a return to manual processing at airports from London to Berlin and Brussels.
Heathrow Airport, Europe’s busiest, was among the hardest hit. On Saturday, September 20, 2025, passengers arrived to find themselves in long, slow-moving queues as staff resorted to pen-and-paper check-ins and manual luggage tagging. The airport, in a statement posted on X (formerly Twitter), warned travelers to check their flight status before heading out and advised, “Please arrive no earlier than three hours before a long-haul flight or two hours before a domestic flight. Additional colleagues are available in check-in areas to assist and help minimise disruption. We apologise for any inconvenience.”
Brussels Airport, another major European hub, reported that the attack had a “large impact on the flight schedule and will, unfortunately, cause delays and cancellations of flights.” As of Saturday afternoon, 10 flights had been cancelled and all departing flights faced average delays of one hour. Berlin Brandenburg Airport also confirmed longer waiting times and delays due to the outage, which began when their digital networks were disconnected as a precaution after the attack was detected on Friday night.
Collins Aerospace, a subsidiary of RTX (formerly Raytheon Technologies), acknowledged the breach in its MUSE (Multi-User System Environment) software, which allows multiple airlines to share check-in desks and boarding gates. In a statement to the press, RTX said, “We have become aware of a cyber-related disruption to our Muse software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible. The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations.”
According to aviation analytics company Cirium, by 12:30 BST on Saturday, 29 flights had been cancelled across Berlin, Brussels, and Heathrow, while data from FlightAware indicated 10 cancellations and over 200 delays at Heathrow alone. The ripple effects were felt by travelers far and wide. Maria Casey, scheduled to fly with Etihad Airways from Heathrow, found herself queuing for three hours at a sparsely staffed check-in desk. Others, like Sam Auld, expressed exasperation: “Been here, what, eight hours now. There’s been no organization, nobody’s told us anything. We’ve had to cherry-pick what little information we can find.”
The disruption was not universal, however. Paris airports reported no outages or delays, and British Airways at Heathrow was able to operate normally, thanks to a backup system. Most other airlines at Heathrow, however, were not so lucky, with staff forced to handwrite boarding passes and manually process luggage. In Ireland, both Cork and Dublin airports experienced only minor impacts, with some airlines switching to manual check-in but reporting no major delays.
Passengers described scenes of confusion and exhaustion. Lucy Spencer, waiting to board a Malaysia Airlines flight, told the BBC, “They told us to use the boarding passes on our phone, but when we got to the gates they weren’t working – they’ve now sent us back to the check-in gate.” Monazza Aslam, who was traveling with elderly parents, reported being at Heathrow since 5 a.m., hungry and tired, with no updates. Johnny Lal, due to fly to Bombay for a funeral, said his family would now miss their flight because staff were unable to provide necessary mobility assistance.
Authorities and cybersecurity experts were quick to weigh in on the significance of the attack. Adrianus Warmenhoven, a cybersecurity expert at NordVPN, explained, “Cyberattacks on airports are particularly disruptive because aviation relies on tightly coordinated systems. A single failure in check-in or baggage handling doesn’t just create queues – it has a domino effect on flight schedules, connections, and even crew availability.” He added, “The fact that the disruption today stems from a third-party supplier shows how attackers often go after the weakest link rather than the airport itself. Strengthening resilience means not only securing airport networks but also ensuring that suppliers meet the same high standards.”
Rob Jardin, chief digital officer at NymVPN, echoed the concern over supply chain vulnerabilities, noting, “We’ve seen this pattern before in retail, automotive, and now aviation – criminals are deliberately targeting supply chains to cause maximum disruption. Security can’t stop at your own network. Every supplier must meet the same high standards, and we need more resilient, decentralised infrastructures so that a single point of failure can’t paralyse critical services.”
The aviation industry has become an increasingly attractive target for cybercriminals. According to a report from French firm Thales, the sector saw a staggering 600% increase in cyberattacks from 2024 to 2025. Ransomware attacks, in particular, have plagued airlines and airports, with hackers seeking to extort payments or steal personal data. While speculation swirled about possible state-sponsored involvement—especially given recent Russian cyber activity targeting critical infrastructure in Poland—authorities cautioned that it was too early to assign blame. The UK’s National Cyber Security Centre, the Department for Transport, and law enforcement agencies were all assisting in the investigation, while the European Commission said it was “closely monitoring the cyber attack” but saw “no indication of a widespread or severe” event.
Poland, which has faced a surge in cyberattacks on hospitals and water systems amid heightened tensions with Moscow, reported no impact on its airports. Deputy Prime Minister Krzysztof Gawkowski said Poland now faces 20 to 50 cyberattacks a day and plans to boost its cybersecurity budget to a record €1 billion in 2025.
The human toll of the disruption was evident in airports across Europe. Videos from Brussels showed airline staff writing out boarding passes by hand as crowds snaked through terminals. At Heathrow, additional staff were deployed to help minimize chaos, but the sheer volume of affected travelers made for a tense and exhausting experience. “Any disruption is potentially serious at Heathrow, given it is Europe’s busiest airport, and departure control is a really complex business,” travel journalist Simon Calder told the BBC. “These things are all interconnected, so a little bit of a problem in Brussels, in Berlin... people start missing connections, planes and passengers and pilots are not where they are meant to be, and things can get quite a lot worse before they get better.”
By late Saturday, Heathrow reported that recovery efforts were ongoing and most flights had continued to operate, albeit with delays. “We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” the airport said in a statement. Meanwhile, investigations into the breach pressed on, with experts warning that as long as critical infrastructure depends on shared digital systems, the threat of cyberattacks—and their capacity to upend travel for thousands—will remain a pressing concern.
