Thousands of airline passengers were left stranded at European airports over the weekend after boarding software company Collins Aerospace suffered a major ransomware attack.
The attack impacted Collins Aerospace's Multi-User System Environment (MUSE) software – the program that accommodates passenger self check-ins, prints boarding passes and dispatches luggage for several airlines across the globe.
Hundreds of delays and several dozen flight cancellations were reported by flight tracker FlightAware through the weekend, with Brussels Airport in Belgium seemingly hit hardest after suffering delays on 66 per cent of outbound flights on Saturday.
At least five European airports confirmed they were impacted by the incident, including Berlin-Brandenburg, Brussels, Dublin, Cork, and London’s Heathrow – the continent’s busiest airport.
“Collins Aerospace, which provides check-in and boarding systems for several airlines across multiple airports globally, is experiencing a technical issue that may cause delays for departing passengers,” said the UK’s Heathrow Airport.
Flight schedules steadied during Sunday, though multiple airlines at Dublin, Brussels and Berlin continued to use manual workarounds for boarding.
As of Monday, Brussels Airport said it was “still unclear” when the issue would be resolved and urged customers to “only come to the airport if their flight is confirmed”.
Berlin-Brandenburg Airport continued to push customers to online check-in services amid “longer waiting times”, while Heathrow Airport was still working to “resolve and recover from” the outage.
“We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” Heathrow Airport said.
Collins Aerospace has a global presence at more than 170 airports, according to its website.
US company held to ransom
As delays piled up on Saturday, Collins Aerospace confirmed it had become aware of a “cyber-related disruption” to its MUSE software in “select airports”.
“We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible,” Collins Aerospace said in a widely shared statement.
Crowds quickly formed at London's Heathrow Airport. Photo: x.com / KC Barnard @lovebydeception
By Monday night, the European Union’s cybersecurity agency ENISA confirmed the disruptions were indeed caused by a ransomware attack.
Though the agency did not confirm where the ransomware attack originated from, it told Reuters “law enforcement is involved to investigate.”
Collins Aerospace emphasised the incident was contained to “electronic customer check-in and baggage drop” and could be “mitigated with manual check-in operations”.
Owned by US aerospace and defence group RTX, the company has not publicly disclosed who is responsible for the attack.
RTX did not respond to Information Age prior to deadline, though the UK’s National Cyber Security Centre (NCSC) has engaged Collins Aerospace for investigations.
“We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident,” said an NCSC spokesperson.
The outage follows some 291 reported layoffs at Collins Aerospace between March and July 2025.
Australian airports should take note
Monash University professor of practice Nigel Phair said the outage highlighted how “technically interconnected” aviation is.
“It is probably unrealistic for this not to occur when you look at the amount of technology used at airports for check-in and baggage distribution,” Phair told Information Age.
“Australia is at a similar risk to any other global airport in this regard, so it is important to understand the various cyber risks facing such third-party software, ensure the creators of it have appropriately and rigorously tested it, and shared the findings.”
Indeed, Australian airline Qantas suffered a significant data breach in July after cybercriminals targeted a third-party contact centre in Manilla.
Following the Collins Aerospace outage, Phair urged Australian airports to practise their business continuity efforts and rehearse “manual work arounds” in the event of a similar attack.
“While this hasn’t yet impacted any Australian airports, it demonstrates the need for Australian airlines to redouble their cybersecurity controls; especially after the recent Qantas data breach.”
