A cyberattack on a passenger processing system supplied by Collins Aerospace has caused widespread disruption at several of Europeās busiest airports, forcing cancellations, delays and long queues as operators raced to restore normal service.
The incident affected MUSE, Collins Aerospace check-in and boarding platform used by airlines and airports to process passengers and manage baggage. The attack struck late Friday, disabling automated functions at Brussels, London Heathrow, and Berlin Brandenburg airports.
With the system offline, staff issued paper boarding passes, manually checked documents, and hand-tagged luggage. Such procedures helped keep some flights moving but were unable to cope with the passenger volumes at large hubs.
Brussels Airport reported the heaviest disruption, cancelling 25 departures on Saturday, 50 on Sunday, and asking airlines to cancel about half of Mondayās flights. Berlin Brandenburg and Heathrow also faced delays, though services gradually improved by Sunday after partial restoration of software functions.
Collins Aerospace, part of RTX, said it was in the final stages of preparing secure updates to restore operations, but implementation varies because each airport uses customised versions of the platform.
Travellers who checked in online or carried only hand luggage experienced less disruption. Those who needed in-airport check-in or baggage drop faced long queues, particularly at Brussels and Berlin.
Airlines are expected to bear significant costs. Under EU passenger rights rules, they must compensate customers for cancelled flights, even when disruption stems from external IT providers. Airports also lose revenue from reduced traffic and concession sales.
The attack highlights vulnerabilities in aviation IT, where a small number of vendors dominate passenger processing systems. Analysts say heavy reliance on centralised providers increases the risk of systemic failure if one is compromised.
Past incidents include a 2017 Amadeus software glitch that disrupted check-in globally, and a 2021 SITA data breach affecting frequent-flyer records. Unlike those cases, the Collins attack appears to be a deliberate cyber intrusion aimed at disabling operations.
European regulators have opened investigations into the attack. Questions centre on Collinsā cyber-hardening, intrusion detection, and patch deployment procedures. Officials may also consider classifying providers such as Collins as critical infrastructure, bringing stricter oversight under EU cybersecurity directives.
Experts say the aviation sector must diversify IT vendors, accelerate patch management, and test manual fallback systems under realistic passenger volumes. Some argue IT platforms should undergo certification similar to aircraft hardware, given their operational importance.
Airports are expected to continue experiencing disruption until secure software patches are fully deployed. Longer term, the attack is likely to intensify pressure on airlines, airports and regulators to strengthen resilience against cyber threats.
