Cyber Attack European Airports: How the Incident Disrupted Travel Across Europe

What Happened in the Cyberattack at Major European Airports

On the evening of Friday, 19th of September 2025, a cyber attack hit Collins Aerospace, a major provider of check-in and boarding systems across Europe. The attack targeted its MUSE software (Multi-User System Environment), which many airports use for electronic check-in, baggage drop, boarding pass printing, and other customer-processing tasks.


By Saturday, 20th of September, and continuing into today, 22nd of September 2025, disruptions persisted, especially in Brussels, Berlin, and London Heathrow.


European Airports Affected by Cyber Attack

The cyber attack impacted multiple major European airports, especially:

  1. Brussels Airport: Arguably took the hardest hit. Many flights were cancelled and there were long delays.

  2. London Heathrow Airport: Europe's busiest airport experienced delays. Some flights were cancelled and check-in desks were overloaded.

  3. Berlin (Brandenburg Airport): Faced longer waiting times, with manual procedures in place as well.

  4. Dublin Airport (including Terminal 2) & Cork in Ireland: Reported "minor impacts" or ongoing disruption as of Sunday.

Other airports, such as Frankfurt, Zurich, and those in the Paris area, do not appear to have been affected.


Brussels Airport Cyber Attack

Effect of the European Airports Cyber Attack

Because of the attack:

  • Automated check-in, baggage drop, and boarding pass printing systems were disabled at affected airports. Staff were forced to revert to manual check-in and boarding.

  • Flight delays and cancellations mounted: In Brussels alone, ~25 flights were cancelled on Saturday and ~50 on Sunday. As of today, airlines were asked to cancel about half of Brussels' departures due to the lack of secure, updated software.

  • Long queues, frustrated passengers, and slower processing. At Heathrow, flights were delayed and some were cancelled.

  • Some operations were less impacted: self-service kiosks and online check-in remained functional in many places.


Latest Update as of Monday, 22nd of September 2025

  • Brussels is still in serious trouble. Because Collins Aerospace has not yet delivered a secure update to the MUSE software, Brussels Airport asked airlines to cancel about half of Monday’s departures.

  • Heathrow and Berlin have improved: delays are reducing and operations are returning toward normal, though manual processes are still in place at many check-in desks.

  • Dublin Airport continues to report some disruption, particularly in Terminal 2. Some flights were cancelled or delayed there as well.

  • Regulators are involved: European authorities, national cyber security centers, etc., are investigating. The origin has not been identified yet.


Our Insights on the European Airports Cyber Attack

  • Single Points of Failure in Vendor Systems

    When many airports rely on one provider’s system (here, Collins Aerospace’s MUSE), a single disruption at that provider cascades widely. Organisations must assess vendor risk and ensure their vendors have robust security, backups, and incident response protocols.

  • IT + OT Security Overlap

    Airport operations are a mix of IT systems (check-in kiosks, boarding pass systems) and operational technology (OT) — baggage handling, boarding gates. Cybersecurity services aimed only at IT might miss OT vulnerabilities. Ensuring security across both domains is essential.

  • Readiness for Manual / Fallback Processes

    Automated systems are efficient, but manual backups must be well-prepared. Staff training, processes, and “offline” methods (paper, manual verification) should be in place, tested, and able to scale under stress.

  • Real-Time Communication & Transparency

    Passengers were frustrated partly due to lack of timely updates. Airports/airlines/vendors must have mechanisms for rapidly informing users of status, alternate routes, delays, etc. Transparency helps reduce panic.

  • Regulatory & Compliance Pressure Increases

    Incidents like this often lead regulators to enforce stricter rules for critical infrastructure providers: mandatory reporting, minimum resilience standards, audit of third-party providers. Organisations should anticipate this and build in compliance.


What You Should Do If You Are an Airport, Airline, or Other Critical Infrastructure Operator:

  • Conduct a vendor risk audit to make sure your third-party systems have strong cybersecurity practices, redundancy, and secure update mechanisms.

  • Implement or test fallback/manual procedures to ensure operations can continue when automation fails.

  • Invest in unified IT & OT security oversight, ensuring both systems talk to each other and are protected against similar attacks.

  • Keep your incident response and communication plans updated, including with law enforcement and cybersecurity authorities.

  • Monitor cyber threat intelligence: these attacks are happening more often, and staying informed can give you early warning.


Conclusion:

The cyber attack on Collins Aerospace, affecting airports across Europe (notably Heathrow, Brussels, Berlin, Dublin and others), shows how interconnected and vulnerable the modern travel system is. Automated convenience can be disrupted suddenly by a threat outside the direct control of the airport or airline.


As of Monday, September 22, 2025, some recovery is under way, but Brussels still faces large cancellations due to the lack of a secure update. The incident reinforces the urgent need for robust cybersecurity covering both IT and OT, oversight of vendor risks, fallback plans, and clear communication strategies.
