European Aviation System Implodes: Cyberattacks Expose Deeper Crisis Plaguing Continental Air Travel

BRUSSELS/LONDON, September 21 – A sophisticated cyberattack targeting Collins Aerospace’s check-in systems has brought chaos to Europe’s busiest airports, with hundreds of flights canceled or delayed and passengers stranded in hours-long queues as the crisis enters its third day.

The attack, which began Friday night, has disrupted operations at London Heathrow, Brussels, Berlin Brandenburg, and Dublin airports, forcing staff to revert to manual check-in processes and creating widespread passenger frustration across the continent.

629 Flights Disrupted at Heathrow Alone

By Saturday evening, flight tracking data revealed the scale of the disaster, with 629 flights disrupted at Heathrow Airport alone – Europe’s busiest hub with over 651 scheduled departures for the day. The disruption has affected millions of passengers, with Brussels Airport requesting airlines to cancel half of Sunday’s departures to prevent further chaos.

At Brussels Airport, officials reported four flight diversions and confirmed that most departing flights were experiencing delays of at least one hour, with 10 flights canceled by mid-morning Saturday. The airport warned that disruptions would extend through the weekend, describing the incident as having “a large impact on the flight schedule”.

Manual Check-in Creates Hours-Long Delays

The cyberattack targeted Collins Aerospace’s MUSE (Multi-User System Environment) software, which enables multiple airlines to share check-in desks and boarding gates at approximately 300 airlines across 100 airports worldwide. With automated systems rendered inoperable, airports were forced to implement manual check-in and boarding procedures.

“It’s been total chaos, and it’s quite frustrating for most people here,” said Tereza Pultarova, a journalist stranded at Heathrow while trying to catch a connecting flight to Cape Town. “Unfortunately, the airline I’m with doesn’t have a service desk here, so we’ve been left in the dark.”

At Heathrow’s Terminal 3, staff used megaphones to guide crowds of passengers who had been waiting in line for hours to check in for flights scheduled to depart imminently. The airport deployed additional staff to check-in areas and advised passengers to arrive no more than three hours before long-haul flights or two hours before domestic flights.

Sophisticated Attack Exposes Critical Vulnerabilities

Collins Aerospace, a subsidiary of RTX Corporation (formerly Raytheon Technologies), acknowledged the “cyber-related disruption” but declined to identify the perpetrators or provide technical details about the breach. The company emphasized that “the impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations”.

Cybersecurity experts have warned that the incident highlights the fragile nature of aviation’s digital infrastructure. Rafe Pilling, director of threat intelligence at Sophos, noted that the attack revealed “the fragile and interdependent nature of the digital ecosystem underpinning air travel”.

“Increasingly, hackers are not just criminals but are being weaponized by hostile nation states against Europe, with supply chains seen as an easy way to cause chaos,” said Rob Jardin, chief digital officer at cybersecurity experts NymVPN.

Government Response and Security Concerns

British Transport Secretary Heidi Alexander confirmed she was receiving regular updates on the situation, while the UK’s National Cyber Security Centre said it was working with Collins Aerospace and affected airports to fully understand the incident’s impact.

Germany’s federal office for information security (BSI) reported it was in contact with Berlin Airport regarding “infrastructure disruptions” from the global system outage, while assuring that aviation security remained intact.

The European Commission stated there were no current signs of a “widespread or severe attack,” though investigations into the incident’s origins continue. A spokesperson emphasized they were coordinating with airlines and airports to “restore operations and assist passengers”.

Airlines Scramble for Solutions

While some carriers managed to avoid major disruption, others faced significant operational challenges. British Airways continued operating normally using a backup system, while most other airlines at Heathrow experienced difficulties.

EasyJet and Ryanair, which don’t operate from Heathrow, reported normal operations. Delta Air Lines implemented a workaround to minimize disruption, while United Airlines reported minor departure delays but no flight cancellations.

The attack particularly affected international carriers, with airlines like Etihad Airways facing longer-than-usual check-in times at affected airports, while Emirates reported minimal operational impact.

Weekend Disruption Extends Crisis

Brussels Airport’s decision to request airlines cancel half of Sunday’s departures signals the crisis will extend well into the weekend. The airport cited the need to prevent long queues and last-minute cancellations as disruptions continue.

Dublin Airport’s Terminal 2 was briefly evacuated as a precautionary measure during the crisis, though it later reopened with minor ongoing impacts. Cork Airport, Ireland’s second-largest, also reported disruptions.

Pattern of Aviation Cyber Vulnerabilities

The Collins Aerospace attack represents the latest in a series of cybersecurity incidents affecting European aviation this year. Previous incidents include:

• July 30: UK air traffic control provider NATS suffered a major technical glitch, canceling over 150 flights
• May 11: Stansted Airport faced extensive delays due to IT system failures
• March 21: Heathrow closed completely following an electrical substation fire, disrupting 270,000 passenger journeys

Several cybersecurity tracking sites previously reported that Collins Aerospace had been targeted by ransom-seeking hackers in 2023, suggesting ongoing vulnerabilities in the company’s systems.

Passenger Compensation and Rights

The widespread disruptions have triggered a surge in passenger compensation claims under EU Regulation 261/2004, which requires airlines to provide compensation for delays and cancellations caused by extraordinary circumstances beyond their control.

However, cybersecurity incidents typically fall under “extraordinary circumstances,” potentially limiting passengers’ rights to financial compensation, though airlines remain obligated to provide care and assistance including meals, accommodation, and rebooking.

Long-term Security Implications

Aviation security experts warn that the incident demonstrates how cyberattacks on third-party suppliers can cause cascading failures across multiple airports and airlines simultaneously.

“This incident highlights how modern aviation’s reliance on shared digital infrastructure creates single points of failure,” noted Hisham Al Assam, a computer science instructor at the University of Buckingham. “These systems turn efficiency into vulnerability, where one breach can disrupt multiple airlines at once”.

The attack comes as European aviation already faces unprecedented challenges from staff shortages, air traffic control capacity constraints, and ongoing labor disputes across the continent.

Recovery Efforts Continue

As of Sunday morning, Heathrow Airport confirmed it was continuing to “resolve and recover” from the outage while apologizing to affected passengers. The airport warned that some disruption could persist throughout the day as systems are gradually restored.

Collins Aerospace has not provided a timeline for full system restoration, leaving millions of European travelers facing continued uncertainty about their travel plans.

The incident serves as a stark reminder of aviation’s vulnerability to cyber threats and the urgent need for enhanced cybersecurity measures across the industry’s critical infrastructure systems.