European Airports Face Disruption, Check-in Systems Issues After Cyberattack

• Widespread impact: Cyberattack disrupted check-in systems at London, Heathrow, Brussels, and Berlin.
• Targeted system: The attack compromised the MUSE software provided by Collins Aerospace, a subsidiary of RTX.
• Operational disruption: Airports reverted to manual check-ins, leading to long queues, flight delays, and cancellations.

A significant cyberattack targeting a third-party technology provider has caused widespread disruption across several of Europe's busiest airports. The incident, which began on Friday, affected the Collins Aerospace MUSE system, a critical software platform used for passenger check-in, boarding, and baggage handling. 

Major hubs, including London's Heathrow, Brussels Airport, and Berlin Brandenburg Airport, experienced operational failures, resulting in significant travel turmoil.

Airport Check-in Disruption and Response

The cyberattack forced affected airports to abandon automated processes and resort to manual check-ins. This led to substantial queues, flight delays, and numerous cancellations as staff struggled to process passengers by hand. 

Brussels Airport was particularly hard-hit, requesting airlines to cancel half of their scheduled Monday departures to manage the ongoing fallout. While operations at Heathrow and Berlin saw some recovery, residual delays and problems persisted through the weekend.

Provider of check-in and boarding systems Collins Aerospace confirmed the "cyber-related disruption" to its MUSE software. The company announced it is collaborating with four impacted airports and airline customers and is in the final stages of restoring full functionality in a statement early on Monday, cited by Reuters.

Europe Airlines Outage

Delays at Heathrow were "low", while Berlin had "moderate" and Brussels "significant" delays, an analysis by aviation data provider Cirium said, according to Reuters.

“There was a cyberattack on Friday night, 19 September, against the service provider for the check-in and boarding systems affecting several European airports,” said Brussels Airport in a statement cited by Associated Press.

Reports say Brussels Airport canceled 50 of 257 scheduled departures on Sunday, and 25 of 234 on Saturday.

Reports indicate that Collins Aerospace “had not yet delivered a secure, updated version of the software necessary to restore full functionality,” leading to flight cancellations on Monday, a spokesperson for Brussels Airport said.

"Occasionally, there are longer waiting times at check-in, boarding, baggage handling, and baggage reclaim. Delays to departing flights today are in line with a normal operating day," Berlin Brandenburg Airport said on Sunday, Reuters reports.

Heathrow stated early on Sunday that recovery from the check-in system outage was ongoing, although most flights were still operating.

Cybersecurity Vulnerabilities in Aviation

This European airport cyberattack underscores the significant cybersecurity vulnerabilities present within the aviation sector's complex supply chain. Experts note that targeting a single, widely used third-party provider like Collins Aerospace can have a far-reaching ripple effect, impacting multiple airports and airlines simultaneously. 

“This is a very clever cyberattack indeed because it’s affected a number of airlines and airports at the same time — not just one airport or one airline, but they’ve got into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe,” travel analyst Paul Charles told Sky News.

“While the technical details are still coming into focus, we know that airports rely on interconnected digital systems for nearly every aspect of operations,” said Anne Cutler, from Keeper Security. “Attackers target interconnected environments precisely because of their reliance on third-party technology.”

“Adversaries understand that targeting widely used technology services can result in outsized impact, as demonstrated in countless damaging supply chain attacks,” said Darren Guccione, CEO and Co-Founder at Keeper Security.

Dave Gerry, CEO at Bugcrowd, stated that “whether nation-state actors looking to influence national interests or a criminal organization looking to cause mass panic and chaos, disruptions to services leveraged by millions represent a growing threat.”

“As aviation operations increasingly depend on mobile devices, for flight crews, ground staff, and maintenance teams, these endpoints have become high-value targets. One global airline recently strengthened its mobile security posture after uncovering threats like malicious SMS links, risky Wi-Fi use, sideloaded apps, and OS vulnerabilities affecting employee devices,” said Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium.

With more than 70% of aviation cybersecurity solutions now cloud-hosted and a growing reliance on managed services, Vishnubhotla recommends that mobile security be treated as a “foundational layer, providing on-device protection, continuous threat detection, and full visibility across mobile fleets to support operational resilience and regulatory compliance.”

Regional regulators have initiated investigations to determine the source of the attack, which follows a recent pattern of damaging cyber intrusions across various industries. 

This year, aviation executives have been targeted in BEC scams via fake Microsoft 365 login pages, and the UN Aviation Agency ICAO data breach impacted nearly 12,000 individuals.