A major cyberattack on Collins Aerospace, a leading U.S. defense and aviation technology company owned by RTX (formerly Raytheon Technologies), has caused mass disruption across several of Europe’s busiest airports. The attack, which targeted the company’s MUSE (Multi-User System Environment) platform, led to widespread technical failures in passenger check-in and baggage handling systems.
The outage, reported on Friday night, September 19, 2025, quickly spread across multiple hubs, including London’s Heathrow Airport, Brussels Airport, Berlin Brandenburg Airport, and Dublin Airport. The incident caused long lines, severe delays, and dozens of cancelled flights, leaving thousands of passengers stranded or facing hours of uncertainty.
How the Attack Unfolded
According to Collins Aerospace and its parent RTX, the cyberattack specifically disrupted their electronic passenger processing systems used by airlines and airports worldwide. These systems allow travelers to:
- Check themselves in at automated kiosks.
- Print boarding passes and bag tags.
- Dispatch luggage via self-service baggage drop counters.
With the systems offline, airports had to switch to manual operations, which are slower, labor-intensive, and prone to errors.
Officials at Heathrow described the scene as one of “severe congestion,” while Brussels Airport confirmed that check-in times had doubled and many airlines were forced to cancel departures to ease pressure on ground staff.
Impact on Passengers
The disruption left tens of thousands of passengers scrambling to adjust their travel plans. Some were left waiting in airport terminals for hours, while others missed connecting flights.
- At Heathrow, Europe’s busiest airport, dozens of flights faced multi-hour delays, while at least 15 departures were cancelled.
- Berlin Brandenburg Airport issued a notice warning passengers to arrive much earlier than usual due to longer processing times.
- Brussels Airport asked airlines to reduce their Saturday and Sunday flight schedules to avoid total gridlock.
One passenger, Tereza Pultarova, who was due to fly from Heathrow to Amsterdam and then on to Cape Town, described the situation to the BBC as “chaotic and frustrating,” noting that her airline had no local service desk to assist stranded customers. Another traveler in Berlin, Siegfried Schwarz, questioned why “with today’s technology, such systems are still so vulnerable.”
Airline and Airport Responses
Each airport reacted differently:
- Heathrow urged travelers to check flight status online before leaving home and to expect longer waits at check-in.
- Brussels Airport implemented crowd-control measures and called on airlines to cancel up to half of their departures on Sunday to stabilize operations.
- Berlin Brandenburg reassigned more staff to check-in counters but admitted the system outage created “unmanageable” bottlenecks during peak hours.
- Dublin Airport reported disruptions at check-in kiosks but said manual boarding and security systems were functioning.
Airlines worked to manually rebook passengers, though many warned that compensation procedures could take time given the large number of affected travelers.
Collins Aerospace’s Statement
Collins Aerospace issued a statement confirming a “cyber-related disruption” to its systems at “select airports.” The company emphasized that:
- The disruption was limited to electronic customer check-in and baggage drop functions.
- Manual check-in and boarding could still be used as a workaround.
- Engineers were “actively working to restore full functionality as quickly as possible.”
RTX, the parent company, has not disclosed the source of the attack or whether sensitive data was compromised. No hacker group has yet claimed responsibility.
The Bigger Picture: Aviation as a Cyber Target
This latest incident highlights the growing vulnerability of the aviation industry to cyber threats. Airports and airlines have become increasingly dependent on interconnected digital systems for everything from flight operations and ticketing to navigation and baggage handling.
According to a June 2025 report by Thales Group, cyberattacks targeting the aviation sector rose by nearly 600% between 2024 and 2025. The report warned that “from airlines and airports to navigation systems and suppliers, every link in the chain is vulnerable to attack,” describing aviation as a prime target due to its strategic and economic importance.
Past incidents underscore the risk:
- In July 2025, Qantas Airways in Australia suffered a cyber breach exposing data of 6 million customers.
- In 2023, a ransomware attack in Germany disrupted operations at several regional airports.
- Japanese airports have also previously faced cyber-related service disruptions.
Governments and Regulators on Alert
European authorities are now investigating the Collins Aerospace incident. The UK Civil Aviation Authority, the European Union Aviation Safety Agency (EASA), and Germany’s Federal Office for Information Security (BSI) are all involved in assessing the scale of the disruption and potential long-term security gaps.
Cybersecurity experts have urged governments to strengthen supply-chain protections since many airport systems rely on third-party vendors like Collins Aerospace. A weakness in one supplier can have cascading effects across multiple countries, as seen in this case.
What Passengers Should Know
Airlines are expected to offer compensation for cancelled flights under EU261 passenger rights regulations, though delays caused by cyberattacks may fall into a legal “grey area.” Passengers facing cancellations should:
- Check with airlines directly for rebooking options.
- Arrive earlier than usual for flights to account for longer manual check-in.
- Monitor official airport websites for the latest updates.
Industry insiders believe it could take several days for Collins Aerospace to fully restore its systems worldwide.
The Collins Aerospace cyberattack has once again shown how fragile the aviation industry can be when critical digital systems fail. While airports have fallback manual systems, the scale of modern air travel means even short outages cause chaos for passengers, airlines, and airport operators alike.
Until investigations reveal who was behind the attack and how it penetrated such vital infrastructure, the incident serves as a wake-up call: airports remain on the frontline of cybersecurity threats, and stronger safeguards are urgently needed to prevent future disruption.
The Information is collected from ABC News and CNBC.
