Over the weekend of September 20-21, 2025, a significant cyberattack targeted Collins Aerospace’s MUSE (Multi-User System Environment) software, a critical component in airline check-in and boarding systems. This incident led to substantial disruptions at several major European airports, including London’s Heathrow, Berlin Brandenburg, and Brussels Zaventem.
Impact on Airport Operations
The cyberattack rendered automated check-in and baggage drop systems inoperative, compelling airports to revert to manual processing methods. This shift resulted in extensive delays and numerous flight cancellations. At Heathrow Airport, more than 130 flights experienced delays exceeding 20 minutes by Sunday morning, with 13 flights canceled on Saturday. Brussels Airport faced significant challenges, canceling 50 out of 257 scheduled flights on Sunday and advising airlines to cancel half of Monday’s departures. Berlin Brandenburg Airport also reported increased waiting times and operational difficulties.
Response from Collins Aerospace and Authorities
Collins Aerospace, a subsidiary of RTX Corporation, acknowledged the cyber-related disruption and stated that the impact was limited to electronic customer check-in and baggage drop systems. The company emphasized that manual check-in operations could mitigate the effects and assured that efforts were underway to resolve the issue promptly. The European Union Agency for Cybersecurity (ENISA) confirmed the cyberattack and noted that it began on Friday, causing considerable issues with dozens of flights and thousands of passengers affected. Law enforcement agencies are actively investigating the incident, though the origin of the attack has not been disclosed.
Broader Implications and Industry Response
This cyberattack underscores the vulnerabilities inherent in the aviation industry’s reliance on centralized digital systems. The MUSE software’s cloud dependency created a single point of failure, affecting not only check-in kiosks but also integrated systems like biometric scanners and baggage tags. The incident highlights the urgency of implementing robust cybersecurity measures and adhering to directives such as the EU’s upcoming NIS2 directive and the European Union Aviation Safety Agency’s (EASA) cybersecurity rules, which classify IT vendors for aviation as critical infrastructure.
Airlines and airport authorities have been working diligently to minimize passenger inconvenience. EasyJet, for instance, announced that the system issue was not expected to disrupt its flight schedule for the remainder of the day. However, passengers have been advised to check their flight status with their airlines before traveling and to arrive at the airport well in advance to accommodate potential delays.
Conclusion
The cyberattack on Collins Aerospace’s MUSE software has had a profound impact on European air travel, causing significant delays and cancellations. This event serves as a stark reminder of the critical importance of cybersecurity in the aviation sector and the need for continuous vigilance and investment in protecting essential infrastructure.
