A major ransomware attack recently caused widespread disruption to airline operations across several key European airports, resulting in hundreds of flight cancellations and delays for passengers. The incident highlights the growing vulnerability of the aviation industry due to its heavy reliance on technology, especially third-party software for critical services such as check-in and baggage handling.
The attack specifically targeted the popular MUSE check-in and boarding system, developed by US-based Collins Aerospace, a subsidiary of RTX. European cybersecurity agency ENISA confirmed on September 22 that ransomware had affected MUSE’s operations, forcing airports in Berlin, Brussels, and London Heathrow to revert to manual systems.
The impact was severe: Brussels Airport canceled half of its Sunday and Monday flights, and Berlin Airport reported delays exceeding an hour due to nonfunctional check-in systems. At London Heathrow, Terminal 4 experienced significant disruption, with departures delayed by up to two hours and ongoing manual check-ins.
While Collins Aerospace claimed that manual processes could mitigate problems, the scale of the disruptions proved otherwise. Staff struggled to manage operations without technological support, underscoring the risks posed by dependence on software and the critical need for robust cybersecurity measures. Restoration of MUSE was nearly complete by Monday, yet some airports like Dublin experienced minimal disruption, showing varying impacts across different locations.
The broader risk is amplified by the fact that MUSE is used by over 300 airlines at 100 airports worldwide, raising concerns about the possibility of further attacks if vulnerabilities remain unaddressed. Experts caution that a compromised update could still threaten other airports, or that attackers may use initial breaches to extort further ransom from software providers.
This incident is part of a dramatic surge in cyberattacks facing the aviation sector, which saw a staggering 600% increase in 2025 compared to the previous year, according to French aerospace company Thales. Experts point out the economic and geopolitical stakes involved, advocating for a comprehensive cybersecurity strategy, adoption of AI tools, and industry-wide collaboration to address threats.
The attack highlights that cyberattacks may have objectives beyond operational disruption, potentially targeting sensitive data and system integrity and emphasizing the urgent need for more resilient aviation security protocols.