A ransomware attack on Collins Aerospace’s check-in and boarding system knocked out automatic services at Heathrow, Brussels, Berlin and other airports starting Friday and continues to cause cancellations, long queues and manual processing through Monday.
Quick Summary – TLDR:
- Automatic check-in and baggage drop systems from Collins Aerospace’s MUSE software were disabled in a ransomware attack confirmed by ENISA
- London Heathrow, Brussels and Berlin airports were most affected, with Brussels cancelling half its Monday departures
- Manual check-ins and long lines replaced automated systems, with delays continuing through the weekend
- System restoration efforts are ongoing with no official word on full recovery timeline
What Happened?
On Friday night September 19, 2025, a cyberattack targeted Collins Aerospace’s MUSE (Multi-User System Environment) software, crippling automatic check-in, boarding, and baggage drop services at major European airports.
The attack was confirmed to be ransomware by the European Union Agency for Cybersecurity (ENISA). Law enforcement is now investigating the incident.
Airports including London Heathrow, Brussels Airport, Berlin Brandenburg and Dublin were all affected. Brussels Airport was hit the hardest, asking airlines to cancel nearly half of all outbound flights scheduled for Monday.
Work continues to resolve and recover from the outage of a Collins Aerospace airline system that impacted check-in. We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.
— Heathrow Airport (@HeathrowAirport) September 21, 2025
We encourage… pic.twitter.com/S40IbNveqK
Airports Affected and Scale of Disruption
Brussels Airport faced the most significant chaos, cancelling 50 of 257 scheduled departures on Sunday and advising airlines to cancel 140 Monday flights. Passengers dealt with long queues and minimal assistance unless they had checked in online.
London Heathrow also experienced delays, but around half of its airlines were back online by Sunday. British Airways was among those using backup systems since Saturday.
Berlin Brandenburg Airport said manual check-ins were still active, and longer waiting times were being reported at boarding, baggage handling and reclaim.
Operational Adjustments
Airports switched to manual systems using laptops and backup terminals. Some airlines even advised staff not to turn off or log out of the compromised software, in an attempt to maintain minimal operational functionality.
Passengers were encouraged to check flight statuses online and use self-service kiosks or online check-in where possible. Many airports issued blanket advisories for people to arrive early and expect longer wait times.
System Restoration Efforts
Collins Aerospace, a division of RTX, said they are in the final stages of restoring software updates and working closely with four of the most impacted airports.
However, Brussels Airport said as of Monday morning they still had not received a secure and updated version of the software, forcing continued cancellations and delays.
Some reports indicate that more than 1,000 computers were corrupted and many had to be recovered in person, adding to the delays.
Wider Impacts and Implications
Tens of thousands of passengers were affected across Europe. Heathrow, Berlin, and Brussels all saw massive queues, particularly at staffed check-in counters.
The event raises serious concerns about software dependencies in aviation, with many airports relying on a single third-party vendor. The MUSE system is widely used across multiple international airlines.
The National Cyber Security Centre (UK) is now working with Collins Aerospace, the Department for Transport, and affected airports to determine the full impact.
A recent report from aerospace firm Thales found that cyberattacks on aviation have surged 600% over the last year, highlighting how vulnerable the sector has become to criminal hacking.
SQ Magazine Takeaway
I think this event clearly shows how deeply modern air travel depends on interconnected digital infrastructure and how vulnerable that makes the system. When a single software provider is compromised, every airport using it feels the pain. Passengers get delayed, airlines lose money, and trust in the system weakens. This needs to be a wake-up call. We need stronger redundancy, backup systems, and real cybersecurity across the aviation world. No one should have to rely on pulling out laptops at the gate just to board a flight.
