A sophisticated cyberattack has crippled automated check-in and boarding systems at major European airports including London Heathrow, Brussels and Berlin, forcing airlines to cancel flights and resort to manual procedures that have left thousands of passengers stranded.
The attack, which struck overnight on Friday, targeted Collins Aerospace, a subsidiary of defence giant RTX Corporation that provides critical aviation technology to airports worldwide. The breach rendered electronic systems completely inoperable, creating chaos at Europe’s busiest travel hubs as staff scrambled to process passengers using pen and paper.
Brussels Airport bore the brunt of the disruption, with authorities requesting airlines cancel 50% of flights scheduled between 4am and noon UTC on Saturday. At least 10 flights were cancelled outright from Brussels, with another 17 delayed by over an hour and four diverted to alternative airports as the crisis unfolded.
“This has a large impact on the flight schedule and will unfortunately cause delays and cancellations of flights,” Brussels Airport stated in an emergency announcement. “The service provider is actively working on the issue and trying to resolve the problem as quickly as possible.”
The attack highlights the aviation industry’s alarming vulnerability to cyber threats, with sector-wide attacks increasing by 600% between 2024 and 2025, according to French aerospace company Thales. Experts warn that every link in aviation’s digital chain has become a prime target for increasingly sophisticated cybercriminals.
Heathrow Chaos as Systems Fail
At London Heathrow, Europe’s busiest airport handling over 80 million passengers annually, travellers described scenes of confusion and mounting frustration as check-in queues stretched through terminals. The airport deployed additional staff with iPads to assist passengers, but the manual workarounds proved woefully inadequate for the volume of traffic.
Derine, 19, flying from Malta to Ireland for university, told reporters: “There has not been much information about my next flight. When we arrived, the plane just circled the runway about five times. We weren’t let off the plane for half an hour.”
A mother travelling with three generations of her family to visit her son in Canada expressed anxiety about the delays: “We haven’t seen him in over a year, so I really hope it’s not delayed. We’ve been checking our phones constantly this morning.”
Another couple heading to Zanzibar reported hour-long delays and security chaos. “There were huge queues, and the machines weren’t working, so everyone was just swarming the staff with iPads. It was chaos,” they said.
A Heathrow spokesperson attempted to downplay the impact, stating: “Collins Aerospace, who provide check-in and boarding systems for several airlines across multiple airports globally, is experiencing a technical issue, which may cause delays for departing passengers.”
The airport advised passengers to arrive no earlier than three hours before long-haul flights or two hours before domestic services, whilst urging travellers to check flight status before heading to the airport. “Additional colleagues are available in check-in areas to assist and minimise disruption. We apologise for any inconvenience,” the spokesperson added.
RTX Confirms ‘Cyber-Related Disruption’
RTX Corporation, Collins Aerospace’s parent company, acknowledged the incident as a “cyber-related disruption” affecting its MUSE (Multi-User System Environment) software at “select airports.” The company claimed the impact was “limited to electronic customer check-in and baggage drop” and could be “mitigated with manual check-in operations.”
“We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible,” RTX stated, without providing a timeline for restoration or details about the attack’s nature.
Industry sources suggest the centralised compromise likely targeted cloud-based or networked infrastructure shared across client airports, explaining the simultaneous impact on multiple locations. No ransomware group has yet claimed responsibility, though experts note the attack bears hallmarks of recent sophisticated campaigns against aviation infrastructure.
Berlin Reports Extended Delays
Berlin Brandenburg Airport confirmed longer waiting times at check-in counters, with authorities forced to sever connections to compromised systems as a security precaution. “Due to a technical issue at a system provider operating across Europe, there are longer waiting times at check-in. We are working on a quick solution,” the airport stated.
The widespread nature of the disruption underscores aviation’s vulnerability to supply chain attacks, where compromising a single technology provider can cascade across multiple airports and airlines simultaneously.
Aviation Under Siege
The attack represents the latest in an escalating wave of cyber incidents targeting aviation infrastructure. According to cybersecurity firm SOCRadar, the industry has already experienced 10 major attacks in 2025, ranging from data breaches affecting millions of passengers to ransomware campaigns paralysing operations.
Recent high-profile incidents include Russia’s Aeroflot suffering over 100 flight cancellations in July following a major breach, and Japan Airlines experiencing disruptions during the crucial New Year holiday period in December 2024. The Port of Seattle’s multiday attack in August 2024, linked to Rhysida ransomware, impacted ticketing and check-in services whilst exposing data of 90,000 individuals.
SecurityScorecard’s 2024 aviation industry analysis rated the sector only a “B” for cybersecurity, warning that organisations with this rating are 2.9 times more likely to suffer data breaches than those with an “A” rating. Aviation-specific software and IT vendors scored lowest, with a mean score of 83, posing substantial third-party risks.
“Aerospace organisations are attractive targets because of their operational complexity and high sensitivity to downtime,” explained Sam Rubin, Senior Vice President at Unit 42 for Palo Alto Networks. “The most effective step companies can take is to strengthen their people defences through clearly defined identity verification procedures, regular training, and empowering employees to recognise suspicious activity.”
Regulatory Response Urgently Needed
The incident arrives as regulatory bodies worldwide scramble to implement stricter cybersecurity requirements for aviation. The US Transportation Security Administration introduced new mandates in March 2023, whilst the EU’s Implementing Regulation 2023/203 will take effect in 2026, setting new standards for aviation information security risk management.
Both the European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) are planning additional regulations in coming years, though critics argue the pace of regulatory change cannot match the speed of evolving threats.
The International Civil Aviation Organization reported in 2025 that 71% of aviation cyberattacks involve misappropriating login credentials and unauthorised IT infrastructure access, whilst 25% consist of DDoS attacks targeting online services. The organisation has been working on aviation cybersecurity since the 2000s but faces challenges keeping pace with rapidly evolving threats.
Minimal Impact at Some Locations
Not all airports were equally affected. Paris’s Roissy, Orly and Le Bourget airports reported no disruptions, suggesting the attack targeted specific implementations of Collins Aerospace systems rather than the entire network. Airlines using alternative systems, such as Amadeus utilised by British Airways, remained largely unaffected at impacted airports.
Poland’s deputy prime minister and digital affairs minister, Krzysztof Gawkowski, confirmed no signs of impact at Polish airports, indicating the attack’s geographic limitations despite its severity at affected locations.
Industry Warnings Ignored
IT security experts have warned for months that hackers are increasingly targeting airlines and service providers using social engineering techniques rather than traditional code-based attacks. The FBI warned in July that a group known as ‘Scattered Spider’ may be behind a wave of aviation cyberattacks using these methods.
Today’s breed of cybercriminals persuades IT help desks to provide system access, allowing them to corrupt files and steal information without sophisticated hacking tools. This human-centred approach has proven devastatingly effective against aviation’s complex, interconnected systems.
Airlines have responded by prioritising cybersecurity investments, with 87% implementing security operations centres according to SITA’s 2024 Air Transport IT Insights report. However, the sector’s reliance on legacy systems and the complexity of modernising critical infrastructure whilst maintaining operations creates persistent vulnerabilities.
Passenger Advice
Authorities urged passengers travelling today to contact airlines directly before heading to airports. Brussels Airport recommended arriving two hours early for Schengen zone flights and three hours for destinations outside the area. Similar advisories were issued across affected airports as manual processing continued to cause significant delays.
The attack’s timing, striking during weekend travel when many families embark on holidays, amplified its impact. With systems potentially requiring days to fully restore and verify as secure, disruptions are expected to continue into next week.
As aviation becomes increasingly digitalised and interconnected, experts warn that such incidents will become more frequent and severe unless the industry fundamentally reimagines its approach to cybersecurity. The Collins Aerospace attack demonstrates that in modern aviation, a single point of failure can ground flights across continents, turning cutting-edge technology from an asset into a critical vulnerability.
Follow for more updates on Britannia Daily
