On September 20, 2025, a cyberattack targeting Collins Aerospace’s MUSE software caused widespread disruption at three major European airports. Flight operations were disrupted at London Heathrow (LHR), Berlin Brandenburg (BER), and Brussels (BRU).
The attack crippled digital check-in, baggage drop, and boarding systems, forcing airlines to revert to manual processes. This led to long queues, flight delays, and cancellations, affecting thousands of passengers.
The chaos continued into September 21, with recovery efforts still underway.
September 20: The Cyberattack Hits
Saturday September 20, 2025, saw significant operational turmoil. Across Heathrow, Berlin, and Brussels, a total of 35 departures and 25 arrivals were cancelled, according to Cirium data.
Brussels faced the brunt with 15 cancellations, followed by Heathrow with 13, and Berlin with 7. For context, Heathrow had 651 scheduled departures, Brussels had 228, and Berlin had 226.
The disruptions stemmed from a “cyber-related disruption” in Collins Aerospace’s MUSE system, a critical tool for airport operations. While air traffic control and flight safety remained unaffected, manual check-ins doubled processing times, leading to severe congestion.
At Heathrow, passengers reported three-hour baggage queues and hand-written tags. Berlin saw extended wait times, while Brussels warned of a “large impact” on schedules.
Collins Aerospace, a subsidiary of RTX Corporation, quickly acknowledged the issue and began containment efforts. The company disconnected affected systems to limit the attack’s spread, but this slowed operations further.
The UK’s National Cyber Security Centre (NCSC), along with Belgian and German cyber agencies, stepped in to assist.
No official attribution for the attack—whether ransomware, DDoS, or state-sponsored—has been confirmed. Some have speculated a link to Collins’ recent NATO contract for electronic warfare software.
September 21: Ongoing Disruptions
On September 21, 2025, the fallout persisted. So far, 38 departures and 33 arrivals have been cancelled across the three airports.
Heathrow, with 673 scheduled departures, continues to struggle, while Brussels (256 departures) and Berlin (270 departures) face similar challenges.
Brussels has been hit hardest, with airlines asked to cut 50% of flights for Sunday and Monday—potentially 140 cancellations.
Recovery hinges on a secure software patch, but no timeline has been confirmed. Passengers are advised to arrive three hours early, especially for long-haul flights, and to check airline apps for updates.
Rising Concern of Cyberattacks
This cyberattack highlights the vulnerability of centralized aviation tech. Collins Aerospace serves numerous airlines globally, making it a prime target.
A single breach can ripple across continents, as seen here. The aviation sector has faced a 600% surge in cyberattacks from 2024 to 2025, per industry reports.
This incident, while not “widespread or severe” according to the European Commission, exposes the risks of digital reliance.
Manual backups mitigated some damage, but inefficiencies caused chaos. Travelers faced hours of delays, missed connections, and frustration, underscoring the need for robust cybersecurity.
Looking Ahead
Airports are working to restore normalcy, but disruptions may linger into Monday. Brussels’ request for flight reductions signals ongoing strain. Passengers should monitor flight statuses closely, arrive early, and expect manual processes.
Airlines are offering rebooking options, but demand is high. The NCSC and Collins are collaborating to resolve the issue, with investigations into the attack’s origins ongoing.
As aviation leans on technology, safeguarding systems like MUSE is critical to avoid future chaos.
Credits: European Airports
