Cyberattack on Collins Aerospace check-in software disrupts major European airports

A cyberattack targeting Collins Aerospace’s MUSE passenger check-in and baggage drop software triggered cancellations and delays across multiple European hubs on September 20, forcing airports to fall back to manual processing and warning travelers of continued disruption into Sunday. Collins’ parent RTX confirmed a “cyber-related disruption,” while investigators have not yet identified a perpetrator.

The Incident

  • Automated check-in and self-service bag drop were knocked offline at airports including London Heathrow, Berlin Brandenburg, and Brussels.
  • Brussels Airport urged airlines to cancel roughly half of Sunday’s departures to manage knock-on effects.
  • Heathrow reported about a dozen cancellations; Berlin warned of longer wait times as staff switched to manual workflows.
  • Data from Cirium showed 29 total cancellations across Heathrow, Berlin, and Brussels on Saturday, with hundreds more departures scheduled.

Technical Details

  • The affected platform is MUSE (Multi-User System Environment), a common-use system airlines rely on for check-in, boarding, and baggage processing. Impact was “limited to electronic customer check-in and baggage drop,” according to RTX.
  • Airports mitigated outages by switching to manual check-in, reducing throughput and increasing queues.
  • Authorities said there is no evidence of a widespread systems compromise, but the event underscores third‑party risk in aviation IT supply chains.

Impact/Applications

  • Brussels canceled 17 flights and diverted four on Saturday; Heathrow and Berlin experienced additional cancellations and delays as airlines activated contingencies. Some carriers, including British Airways, reported limited impact due to backup systems.
  • The incident highlights dependence on shared airport IT and the operational cost of reverting to manual processes during cyber events.

Future Outlook

  • Collins Aerospace says restoration is underway; airports anticipate residual delays through September 21 as schedules are rebalanced.
  • Likely next steps include forensic analysis, patching, segmentation reviews, and tabletop exercises focused on third‑party outages.
  • Regulators and operators may accelerate resilience measures—offline check-in fallbacks, diversified vendors, and stricter incident reporting—under existing EU frameworks.

In a year of frequent infrastructure-targeting attacks, this disruption is a pointed reminder: even “limited” outages at a single vendor can ripple across continents when the software underpins core airport operations.

reuters.com ft.com onmanorama.com jordantimes.com apnews.com