Cyberattack Disrupts Major European Airports: What Happened and How to Respond
22 September 2025

In late September 2025, a cyberattack on a critical airline IT provider sent ripples of chaos through major European airports. Brussels Airport was hit on a Friday night by a “cyber-attack” that took down its electronic check-in and baggage systems, forcing staff to check in passengers and luggage by hand. London’s Heathrow – Europe’s busiest airport – and Berlin Brandenburg were among the other hubs affected, experiencing long queues and multi-hour delays as airlines scrambled to keep flights running without their usual digital tools. Dublin and Cork airports in Ireland also reported minor impacts as they reverted to manual check-ins. The attack resulted in hundreds of flight delays and several cancellations across the continent, underscoring how a single cyber incident can grind air travel operations to a crawl.
A Coordinated Attack on Shared Systems
The source of the disruption was traced to Collins Aerospace’s MUSE platform (Multi-User System Environment), a common software system used by multiple airlines for passenger check-in and boarding gate management. Collins’ parent company RTX confirmed a “cyber-related disruption” in its software at several airports. In practice, this meant the automated kiosks and digital baggage-drop systems went offline simultaneously at multiple airports – a nightmare scenario for the aviation industry. Airport authorities emphasized that the impact was limited to customer check-in and bag drop functions, which could be mitigated by switching to manual operations. British Airways, for example, was able to quickly move to a backup system and avoid major fallout at Heathrow, but most other airlines relying on the compromised platform were hit hard. By Saturday, hundreds of flights were delayed as staff manually checked tickets and tagged bags, and some flights were cancelled outright to ease congestion. Brussels Airport even asked airlines to cancel half of all flights the following Monday to prevent massive queues, as the system outage continued into a second day. At Heathrow, about 90% of over 350 flights on the first day were delayed (averaging 34-minute delays), though only a handful were cancelled. The widespread nature of the incident served as a stark reminder that modern airports’ reliance on shared digital infrastructure can become a single point of failure.
Other Cyber Incidents in Aviation
This was not an isolated case – cyberattacks on airlines and airports have grown more frequent in recent years. Notable incidents include:
- LOT Polish Airlines (2015): Hackers breached the airline’s ground computer systems used for flight planning at Warsaw Chopin Airport, forcing the cancellation of 10 flights and stranding 1,400 passengers. While safety was not compromised, the carrier warned that even state-of-the-art systems could be vulnerable to such attacks.
- Bristol Airport, UK (2018): A ransomware attack took down the airport’s flight information display screens for two days, blanking out arrival and departure info. Staff resorted to whiteboards and paper notices to keep passengers informed. The airport had to manually announce gate and baggage information until systems were restored.
- Swissport International (2022): A ransomware attack on this global airport services firm (responsible for baggage handling, cargo, cleaning, etc.) disrupted operations at multiple airports. In Zurich, 22 flights were delayed when Swissport’s systems went offline, though delays were kept to under 30 minutes by reverting to backup processes. The incident highlighted the aviation supply chain’s exposure to cyber threats.
- U.S. Airport Websites (2022): Pro-Russian hacktivist group “Killnet” launched coordinated DDoS attacks that knocked offline the public websites of about 14 U.S. airports – including LaGuardia, O’Hare, and LAX – in October 2022. While these denial-of-service floods did not affect flight control or safety, they caused inconvenience by preventing travelers from accessing airport information online. (Killnet would later target Europe’s air traffic agency Eurocontrol with similar tactics in 2023.)
Each of the above incidents differed in tactics and impact – from ransomware crippling internal systems to denial-of-service floods against public-facing services – but all illustrate the aviation sector’s susceptibility to cyber interference. The rise of digital connectivity in air travel, while improving efficiency, has also expanded the attack surface for malicious actors.
Why Are Airports a Prime Target?
Airports and airlines make enticing targets for cybercriminals and hackers because of their high stakes and interconnected systems. Modern air travel depends on a complex web of digital platforms that handle everything from ticketing and check-in to aircraft routing and baggage handling. Many of these systems are shared across multiple organizations or outsourced to third-party vendors, creating cascading risks: if an attacker compromises a widely used service (as happened with the Collins Aerospace incident), it can paralyze operations at numerous airports simultaneously. Aviation also has a low tolerance for downtime – even a brief outage can cause ripple effects of missed connections and logistical nightmares – which increases pressure on organizations to pay ransoms or meet hacker demands quickly. A recent industry report by aerospace firm Thales warned that every link in the aviation chain is vulnerable and noted a 600% increase in cyber attacks on the sector from 2024 to 2025. Attackers recognize that hitting critical infrastructure like airports can yield outsized impact or publicity, whether their motive is financial gain (ransomware gangs extorting payouts) or political disruption (hacktivists protesting via DDoS). In short, the same connectivity that makes air travel convenient also makes it a prime target for cyberattacks.
Strengthening Cyber Defenses: Prevention Strategies
Given these threats, aviation organizations are urgently reevaluating their security measures. Experts emphasize several key strategies to bolster airport and airline cyber defenses:
- Secure the Supply Chain: Third-party technology providers must be rigorously vetted and secured, as vulnerabilities in external systems can cascade into widespread outages. Frameworks like Europe’s new NIS2 Directive are pushing for tighter cybersecurity requirements on critical service suppliers to prevent incidents like the MUSE attack. Regular security audits, strict vendor access controls, and contractual cybersecurity standards are now essential in vendor management.
- Assume Failure – Plan Backups: Airports should design systems with the expectation that primary networks will fail or be attacked. This means building in “graceful failure” modes and rehearsing manual or offline workflows that keep basic services running. For example, staff should train on reverting to paper boarding passes, manual baggage tagging, and offline flight dispatch procedures. Conducting regular drills ensures that if one system goes down, operations can continue with minimal disruption.
- Avoid Single Points of Failure: Wherever feasible, diversify critical systems and suppliers so that a breach in one platform doesn’t halt all operations. Airports might use multiple check-in service providers or ensure airlines have independent alternatives. Network segmentation and tenant isolation are also crucial: isolating one airline’s or airport’s systems can prevent a compromise from spreading to others.
- Zero-Trust Security: Adopting a “zero trust” model can help contain breaches. This approach means no user or device is implicitly trusted – instead, every access request is verified and monitored across the network. Strong identity management (like multi-factor authentication and least-privilege access for staff) makes it harder for attackers to pivot within or between systems. Some organizations are even leveraging AI-driven security tools to rapidly detect anomalies and cut off compromised accounts.
- Proactive Vulnerability Management: Rather than only reacting to incidents, airport cybersecurity teams are urged to identify and fix weaknesses before attackers exploit them. This involves regular penetration testing, up-to-date patch management for both IT and OT (operational technology like baggage conveyors and fuel systems), and continuous monitoring for suspicious activity. By shoring up known gaps (in software, configurations, or employee practices), organizations reduce the chances of a successful attack in the first place.
Incident Response: Reacting to an Airport Cyberattack
No defense is foolproof, so having a robust response plan is equally critical. The recent Brussels/Heathrow incident highlighted some best practices in reacting to a cyber crisis:
- Immediate Containment and Continuity: When systems go down, quickly switch to backup processes to maintain safety and basic services. In this case, airports fell back to manual check-ins and paper documentation within minutes of the outage. Bringing in extra staff to handle manual workflows and guide passengers can help alleviate bottlenecks. The goal is to keep flights moving (even if delayed) rather than halting operations entirely.
- Clear Communication: Transparent, frequent communication is vital to managing traveler expectations and safety. Airlines and airports should promptly announce the issue and provide instructions – e.g. advising earlier arrival or alternate check-in options. During the Heathrow incident, staff used public address systems and even phones to coordinate boarding when digital scanners failed. Keeping customers informed can reduce frustration and prevent dangerous crowding.
- Passenger Support and Safety: Cyber incidents often leave passengers stranded or confused, so airports must enact contingency plans to support them. This can include arranging refreshments or lodging for delayed travelers, prioritizing assistance to those with special needs, and manually rebooking connections. In severe disruptions, it may be wise to preemptively cancel a portion of flights (as Brussels Airport did) to avoid unsafe overcrowding and give staff bandwidth to assist affected passengers. Ensuring no one is put in physical danger due to a cyber-caused breakdown (for example, preventing overcrowded terminals or missed safety checks) is the top priority.
- Collaboration with Cyber Authorities: It’s crucial to involve specialized cybersecurity teams and law enforcement quickly. In the UK, the National Cyber Security Centre engaged with Collins Aerospace and affected airports to diagnose the problem. Such collaboration can provide expert help in finding the breach, containing malware, and restoring systems securely, as well as preserve evidence for investigation. Many aviation agencies also coordinate through information-sharing networks, so reporting the incident promptly can alert others and potentially prevent the attack from spreading further.
- Post-Incident Analysis and Hardening: Once the immediate crisis abates, organizations should conduct a thorough post-mortem. Understanding how the attackers breached the system – whether through phishing, software vulnerability, or insider action – is key to improving defenses. Airports and vendors will need to apply any necessary patches, shore up network architecture, and possibly rotate credentials or revoke access if it was a supply-chain compromise. Lessons learned must be translated into updated response plans and training, so that each incident makes the aviation ecosystem more resilient.
The Brussels Airport cyberattack and its continent-wide impact serve as a wake-up call about the fragility of digital infrastructure in air travel. When a single software failure can delay flights from London to Berlin in one swoop, it’s clear that cyber resilience is now as critical as physical security in aviation. Investing in preventative measures – from stronger vendor security to fail-safe system design – will be essential to stay ahead of threat actors. Equally important is cultivating a culture of preparedness, where airlines and airports regularly drill for technology outages just as they do for fire alarms or security incidents. As cyberattacks on transportation continue to rise in frequency and sophistication, the industry must treat them not as aberrations but as inevitable challenges to be managed. With robust defenses and practiced response plans in place, airports can ensure that when hackers attempt to bring air travel to a standstill, they are met with effective countermeasures that keep planes flying and passengers safe.