A ransomware attack on Collins Aerospace caused widespread flight disruptions across several major European airports beginning on Friday, September 19, 2025. The incident affected the Muse check-in and boarding systems used by multiple airlines, forcing airports to shift to manual procedures and leading to significant delays and cancellations.
The European Union Agency for Cybersecurity (ENISA) confirmed that the disruption was the result of a ransomware attack targeting Collins Aerospace, a third-party technology vendor owned by RTX Corporation. The Muse platform enables airlines to share check-in counters and boarding gate systems, and its outage had a direct impact on passenger processing.
London Heathrow, Brussels Airport, and Berlin Brandenburg Airport were among the worst affected. Brussels Airport reported the cancellation of dozens of flights, with officials stating that approximately 60 of 550 daily departures and arrivals were disrupted. Berlin Brandenburg faced long queues and hour-long delays, while Heathrow confirmed delays across the majority of its flights.
Airlines, including Air India, issued advisories to passengers warning of potential delays and urging travellers to check flight status updates before heading to airports. Many passengers were required to check in manually, with airport staff using laptops and tablets to manage boarding processes.
Collins Aerospace said it was working with cybersecurity experts and regulators to restore systems. The company stated that it had reached the final stages of implementing updates and aimed to return services to normal operations soon.
Law enforcement agencies in several European countries have opened investigations into the attack. As of Monday, no group had claimed responsibility for the ransomware operation. Authorities are assessing whether the incident was part of a broader campaign targeting aviation infrastructure.
Airports introduced contingency measures to handle the disruptions, including deploying additional staff, setting up manual baggage drop points, and extending passenger assistance counters. Despite these measures, thousands of travellers faced delays and missed connections, particularly during peak travel hours over the weekend.
ENISA has warned that the incident highlights the increasing risk posed by cyberattacks on third-party service providers in the aviation sector. The agency stressed the need for airlines and airports to strengthen cybersecurity protocols and review the resilience of outsourced systems.
As of Tuesday, disruptions were continuing at several airports, although officials reported gradual improvements as Collins Aerospace systems were restored. Authorities advised passengers to allow extra time for check-in and security procedures until normal operations resume fully.
The ransomware attack has raised concerns across Europe about the vulnerability of critical aviation technology to cybercrime. Industry experts have called for coordinated action to safeguard flight operations and passenger services against future threats.
