Several European airports, including Brussels Airport, Heathrow, Berlin Brandenburg Airport, Dublin, and Cork, have been disrupted on Friday and in the weekend by a cyberattack on external service provider Collins Aerospace. Even though it’s been a few days, the fallout is still being felt.

The attack affected the American aviation company, which supplies software for check-in and boarding systems to various airports. Due to the disruption, check-in for many passengers was done manually, with handwritten boarding passes, which was much slower and sometimes resulted in long waiting times.

Flights were also canceled at all the airports involved. Today, the situation is under control at most airports, although there are still delays or canceled flights.

Global player

As is often the case with cyberattacks, the company involved usually does not provide further details about the circumstances and origin of the incident, and this is also true for Collins Aerospace. In a brief statement, it simply said it was “aware of a cyber-related disruption to our MUSE software at several airports,” adding that the impact was “limited to electronic check-in and baggage drop-off.”

The company, which specializes in aviation data processing, is a subsidiary of the American aerospace group RTX (formerly Raytheon). It offers its check-in services at 170 airports around the world.

Seven times more cyberattacks in aviation

Cyberattacks on service providers are becoming increasingly common, as they can target multiple users and large organizations by infiltrating a single system.

According to a recent report on cyber threats in aviation by defense and technology group Thales, there were 27 ransomware cyberattacks in aviation between January 2024 and April 2025. That is seven times more in a single year.

In a cyberattack, hackers block the system with ransomware and steal the data of thousands of passengers or clients, specifically all the details you provide when booking a flight, such as your name, address, date of birth, phone number, etc.

Only after paying a ransom will the victim receive the keys to unlock the data, and the stolen data will be deleted rather than being sold to criminals. In an interview with vrt.news, cyber expert Geert Baudewijns says that Collins Aerospace, which was also hacked two years ago, will have no choice but to pay a ransom of between 5 million and 10 million dollars.

Disruption is still being felt.

Although the disruption has now been largely resolved, it will still be noticeable today. At Brussels Airport, for example, most flights can proceed, but of the 277 departing flights, 40 have been canceled, and of the 277 arriving flights, 23 have been canceled. The average delay is currently half an hour.

It is not yet clear when the airport will be able to switch back to its regular check-in and boarding system, as Collins Aerospace had not yet delivered a secure, updated version of the software.

Check-in will therefore also be carried out in an alternative manner on Monday: with pen and paper, but also with laptops and iPads. Passengers can also check in online and print their own baggage labels at kiosks.

According to consumer organization Testaankoop, travelers whose flights have been canceled at Brussels Airport because of the cyberattack are entitled to a free alternative flight or a refund of their ticket.

A single supplier’s system is risky

For the moment, it is unclear who is behind the cyber-attacks. Still, some experts suggest that possible actors could include criminal groups or state-sponsored hackers, such as those with potential Russian involvement, although this is all highly speculative.

The incident, however, highlights the risks associated with multiple airports relying on a single supplier’s system.