A cyberattack targeting the software systems of Collins Aerospace, a major aviation technology provider under RTX (formerly Raytheon Technologies), has disrupted airport operations across parts of Europe. The issue began late Friday evening, September 19, 2025, when Collins’ MUSE (Multi-User System Environment)—a platform that powers passenger check-in, boarding gates, and baggage drop systems for numerous airlines—suffered a cyber-related failure.
The attack disabled automated processes for electronic check-in and boarding, forcing airports to fall back on slower manual procedures. As a result, travelers faced long queues, extended waiting times, and uncertainty over flight departures.
Affected airports across Europe
The disruption was most visible at London’s Heathrow Airport, one of the busiest hubs in the world. Heathrow confirmed that many airlines using Collins’ system were unable to process passengers electronically. Although manual check-in remained possible, the airport acknowledged significant delays and asked passengers to verify their flight status directly with airlines before heading to the airport.
Brussels Airport reported some of the heaviest consequences. According to its latest update, around 10 flights were canceled outright, while nearly all departures experienced delays averaging one hour. Airport officials described the attack as having a “large operational impact,” particularly because Brussels is a central hub for both short-haul European flights and long-haul international routes.
At Berlin Brandenburg Airport, passengers experienced long lines at check-in counters, as electronic systems used for issuing boarding passes and processing luggage were unavailable. Staff resorted to manual boarding operations, which slowed down the overall schedule. The airport publicly warned of longer waiting times for passengers traveling on Saturday.
In contrast, Frankfurt Airport—Germany’s largest hub—confirmed that its operations were unaffected, as it does not rely on Collins’ compromised system. Zurich Airport in Switzerland also said its check-in and boarding systems were operating normally. French airports, including Paris’ Charles de Gaulle, Orly, and Le Bourget, likewise reported no disruptions.
Airline responses
Airlines operating from the affected airports scrambled to minimize disruptions.
-
Delta Air Lines confirmed it had implemented a technical workaround and expected minimal impact to its scheduled flights.
-
British Airways, which uses multiple systems, was less affected because of backup operations at Heathrow.
-
EasyJet said its flights were continuing as normal and it did not expect significant disruption for the rest of the day.
-
Other major carriers, including Ryanair and IAG (the parent of British Airways, Iberia, and Aer Lingus), did not immediately release detailed statements.
Despite these efforts, airlines continued to urge passengers to arrive early, expect delays, and stay in touch through official channels for flight updates.
The parent company’s statement
RTX, the parent company of Collins Aerospace, confirmed that the disruption was the result of a cyberattack. It clarified that the issue was limited to electronic check-in, baggage drop, and automated boarding systems at select airports. Importantly, it stressed that core aviation operations, air traffic control, and flight safety systems were not compromised.
RTX added that engineers were working urgently to restore full service. In the meantime, manual processes had been authorized and activated to ensure passengers could still be checked in and boarded, albeit at a slower pace.
Government and regulatory reactions
The cyberattack quickly drew the attention of European officials.
-
In the United Kingdom, Transport Minister Heidi Alexander said her office was receiving continuous updates from Heathrow and airline partners.
-
In Poland, the Deputy Prime Minister and Minister for Digital Affairs, Krzysztof Gawkowski, stated that Polish airports were not under immediate threat and were operating normally.
-
Security services in other countries, including Germany and France, were monitoring the situation closely but reported no further evidence of attempted intrusions into other critical aviation systems.
Current status and passenger advice
As of Saturday afternoon, September 20, the situation remained partially unresolved. Airports continued to rely on manual operations to check in passengers, leading to long waiting times. Average delays remained close to one hour at Brussels, while Heathrow and Berlin saw variable delays depending on the airline.
Travelers scheduled to depart from the affected airports were strongly advised to:
-
Confirm the status of their flights before leaving for the airport.
-
Arrive at the airport earlier than usual, allowing additional time for manual check-in.
-
Be prepared for possible cancellations or rebooking on alternative flights.
Why this matters
This incident highlights the aviation sector’s vulnerability to cyberattacks targeting digital infrastructure. While air traffic control and in-flight safety systems were not impacted, passenger-facing systems like check-in and baggage handling are increasingly automated and interconnected across multiple airports worldwide. Disruptions to these systems can ripple through entire flight networks, affecting tens of thousands of passengers.
The Collins Aerospace cyberattack is one of the most serious disruptions of its kind in recent years, underscoring the urgent need for airports and airlines to maintain resilient backup systems and cybersecurity defenses to protect critical services.
