Europe Airport Cyberattack: Check-In Disruptions Continue After Ransomware Incident

Europe Airport Cyberattack Confirmed

On 22 September 2025, the European Union Agency for Cybersecurity (ENISA) confirmed that a cyberattack had compromised electronic check-in systems across multiple European airports.

The malicious software, suspected to be ransomware, targeted Collins Aerospace’s MUSE airport systems, widely used for check-in and baggage handling. The incident has caused delays and cancellations since 19 September, forcing airports to rely on manual processes.

The UK’s National Crime Agency (NCA) announced on 23 September the arrest of a suspect believed to be connected to the cyberattack. Recovery efforts remain ongoing.

Background

Ransomware attacks are an increasing concern for aviation and critical infrastructure sectors.

  • A 2023 survey by Bitkom identified ransomware as the most common form of cyberattack globally.
  • Collins Aerospace itself was previously targeted in 2023 by the ransomware group BianLian, which claimed to have stolen employee and corporate data.
  • According to Thales, cyberattacks on the aviation sector increased by 600 percent in the past year.
  • In June 2025, a cyberattack on Qantas Airways’ call center resulted in a significant data leak.

This latest Europe airport cyberattack illustrates how supply chain vulnerabilities can directly impact frontline airport operations.

Immediate Implications

The cyberattack disrupted multiple major airports across Europe, forcing a switch to manual check-ins and creating widespread operational challenges:

  • Heathrow Airport (UK): Flights continued to operate, but delays and cancellations persisted. Staff were instructed to continue manual boarding.
  • Brussels Airport (Belgium): Airlines canceled nearly 140 out of 276 outbound flights on 22 September, citing uncertainty about restoration timelines.
  • Berlin Airport (Germany): Could not provide an estimate for restoration. Departures were delayed by over an hour, worsened by high passenger volumes during the Berlin Marathon.
  • Passenger Guidance: On 21 September, travelers were advised not to arrive at airports unless flights were confirmed.

The compromise of the MUSE airport system, a third-party solution, highlights the risk of supply chain attacks in aviation.

Recommendations

  • Travelers: Confirm flight status before arriving at airports, allow additional travel time, and be prepared for manual check-in procedures.
  • Airlines and airports: Continue coordination with Collins Aerospace and ensure staff are trained in manual fallback procedures.
  • Organizations: Review and strengthen travel risk management plans, ensuring employees have contingency guidance for disruptions.
  • Cybersecurity teams: Conduct supply chain risk assessments, patch vulnerabilities quickly, and ensure backup systems are operational.

Outlook

The Europe airport cyberattack underscores the aviation sector’s growing vulnerability to ransomware and supply chain threats. While recovery efforts are ongoing, disruptions may continue in the short term until full restoration of automated systems is achieved.

In the longer term, airports and airlines are expected to place greater emphasis on cyber resilience, including stronger monitoring, vendor oversight, and continuity planning, to mitigate similar incidents in the future.

Conclusion

The Europe airport cyberattack in September 2025 caused widespread delays and cancellations across major airports, forcing reliance on manual check-ins. With the aviation sector increasingly dependent on third-party systems, the incident highlights urgent cybersecurity and continuity challenges for airports, airlines, and passengers alike.
