A cyberattack targeting a critical software provider has caused widespread disruption at several major European airports, including London's Heathrow, Brussels Airport, and Berlin Airport. The incident, which occurred on Saturday, September 20, 2025, primarily affected electronic check-in and baggage drop systems, leading to numerous flight delays and cancellations. Authorities are investigating the origin of the attack, which highlights the vulnerabilities within the digital infrastructure supporting global air travel.
Key Takeaways
- A cyberattack hit MUSE software by Collins Aerospace on September 20, 2025.
- Major airports like Heathrow, Brussels, and Berlin experienced significant disruptions.
- Electronic check-in and baggage drop systems were affected, causing delays and cancellations.
- Manual check-in operations helped mitigate some of the impact.
- The incident underscores the interdependent nature of digital systems in air travel.
Widespread Impact on Air Travel Systems
The cyberattack centered on the MUSE software platform, developed by Collins Aerospace. This system is crucial for various airline operations, including passenger check-in and baggage handling, at airports worldwide. RTX, the parent company of Collins Aerospace, confirmed a "cyber-related disruption" to their software at specific airports. They did not immediately disclose the names of all affected locations.
London's Heathrow Airport, recognized as Europe's busiest, was among the first to report issues. Brussels Airport and Berlin Airport also confirmed they were facing disruptions. Later, Dublin Airport and Cork Airport in Ireland reported minor impacts. The incident forced airports and airlines to adapt quickly to manage passenger flow and flight schedules.
Important Statistic
As of 11:30 GMT on Saturday, September 20, 2025, aviation data provider Cirium reported that 29 flight departures and arrivals had been canceled across Heathrow, Berlin, and Brussels airports due to the cyberattack.
Operational Challenges and Mitigation Efforts
The primary impact of the attack was on automated systems. "The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations," RTX stated in an email. This meant airport staff had to process passengers manually, leading to longer queues and increased waiting times. Efforts were underway to resolve the issue as quickly as possible, though a timeline for full restoration was not provided.
Brussels Airport officials confirmed four flight diversions and widespread delays for most departing flights. To prevent further chaos, Brussels Airport requested airlines to cancel half of their scheduled departing flights for Sunday. This decision indicated that the disruption was expected to continue beyond the initial day of the attack, affecting weekend travel plans for many passengers.
"The impact of the incident highlighted the fragile and interdependent nature of the digital ecosystem underpinning air travel," said Rafe Pilling, director of threat intelligence at cybersecurity company Sophos. "The threat is significant and very real."
Broader Context of Cyber Threats
This cyberattack is part of a growing trend of digital breaches affecting various sectors globally. Recent incidents have targeted healthcare, defense, retail, and automotive industries. For instance, a breach at luxury carmaker Jaguar Land Rover previously halted its production. Such widespread outages are often linked to ransomware attacks, where attackers demand payment to restore systems, or deliberate digital sabotage.
A European Commission spokesperson noted that there were no immediate signs of a "widespread or severe attack." The origin of the incident remains under investigation. Cybersecurity experts emphasize the critical need for robust defenses in interconnected systems, especially in vital infrastructure like air travel.
Background Information
Collins Aerospace, a business unit of RTX, is a major supplier of aerospace and defense products. Their MUSE software is a common system used by airlines and airports for passenger processing, making it a critical component of airport operations globally. Previous reports from breach-tracking websites indicated that Collins Aerospace had been targeted by ransom-seeking hackers in 2023.
Passenger Experience and Airline Responses
Passengers scheduled to fly on Saturday were advised by affected airports to confirm their flight status directly with airlines before traveling to the airport. Berlin Airport's website specifically warned of longer waiting times at check-in counters. Many travelers found themselves waiting with limited information.
- Kim Reisen, a traveler at Berlin Airport, told Reuters: "I arrived here at the airport station at about quarter past nine, and we haven't been told anything except that there was a technical fault. Of course, online, you can read that it was probably a cyberattack, and now we're waiting here to see what happens."
- Another traveler, Siegfried Schwarz, expressed frustration: "I also find it inexplicable that, with today's technology, there's no way to defend yourself against something like that."
While some airlines were heavily affected, others managed to mitigate the impact. EasyJet, a significant European carrier, reported operating normally and did not anticipate further disruption to its flights for the day. US carriers Delta Air Lines and United Airlines also reported minimal impact, stating they had implemented workarounds to maintain operations and avoid flight cancellations, respectively.
Government Response and Future Outlook
Government officials quickly became involved. British transportation minister Heidi Alexander confirmed she was receiving regular updates on the situation. Both British and German cyber defense authorities announced they were in contact with their respective airports to address the incident. The ongoing investigation aims to identify the perpetrators and prevent similar attacks in the future.
The incident underscores the continuous challenge of protecting critical infrastructure from evolving cyber threats. As digital systems become more integrated into daily operations, the need for advanced cybersecurity measures and rapid response protocols grows. Ensuring the resilience of these systems is vital for maintaining smooth operations in sectors like air travel.
