Multiple major European airports are experiencing widespread delays and cancellations after a ransomware attack on Collins Aerospace’s MUSE passenger-handling system disrupted check-in and boarding processes.
The incident, confirmed on Sept. 22 by the European Union Agency for Cybersecurity (ENISA), has forced airlines and airports to rely on manual fallback procedures while restoration efforts continue.
Brussels Airport asked carriers to cancel about half of all departures scheduled for Monday, while London Heathrow and Berlin Brandenburg reported long queues and slower processing as staff handled check-in manually.
Eurocontrol, the European air traffic management body, confirmed that disruptions are linked to passenger-handling systems rather than air traffic control operations.
System Recovery and Official Response
Collins Aerospace said the issue stemmed from a “cyber-related disruption” that affected its MUSE system at “select airports.” The company added it is in the “final stages” of restoring services, although a timeline for full recovery has not been provided. Automated kiosks and baggage drop facilities remain unavailable in several airports.
ENISA stated that law enforcement has identified the incident as a ransomware attack affecting a third-party provider. “The type of ransomware has been identified and authorities are investigating,” ENISA said in its latest update. No actor has claimed responsibility for the attack, and the agency has not disclosed whether data was exfiltrated or encrypted.
Airports Most Affected
Brussels Airport was among the hardest hit. The airport authority issued a notice to airlines to reduce capacity by 50 percent on Sept. 22, citing the inability to process passengers efficiently through the automated system. Travelers reported extended waiting times at check-in counters and security lines as airlines attempted to rebook passengers or transfer them to later flights.
Berlin Brandenburg also faced significant delays, compounded by additional passenger demand linked to the Berlin Marathon over the weekend. Long queues developed as ground handlers manually processed boarding passes and baggage. London Heathrow, one of Europe’s busiest hubs, confirmed that flights were operating but warned of longer wait times as manual check-in measures were in place.
In Dublin, airport authorities reported only limited effects. While some check-in processes slowed, the overall operation of flights was less severely impacted than at other hubs. Eurocontrol said the disruptions did not affect flight safety or air traffic control systems, but operational efficiency remained reduced.
Wider Impact on Passengers and Airlines
Tens of thousands of passengers were affected across Europe as airlines struggled to manage queues and cancellations. Many carriers were forced to adjust their schedules or consolidate flights to cope with reduced check-in capacity. The reliance on manual boarding slowed turnaround times, creating knock-on delays across flight networks.
Airlines operating at Brussels said the cancellation of half the departures was necessary to prevent congestion inside the terminal and to maintain safety standards. At Heathrow and Berlin, some passengers faced waits of more than two hours to check in, although most flights ultimately departed with delays rather than cancellations.
Ongoing Investigation and Next Steps
Authorities are continuing to investigate the ransomware incident in cooperation with national cybersecurity units and airport operators. ENISA confirmed that the attack originated with a third-party service provider used by Collins Aerospace, underscoring the risks associated with external vendors in aviation IT infrastructure.
Collins Aerospace has not provided further details about the ransomware strain involved or whether a ransom demand was issued. The company reiterated that its teams are working “around the clock” to restore full functionality at affected airports. It also stressed that it is coordinating with customers and regulators to minimize passenger disruption.
The incident highlights vulnerabilities in the digital systems that underpin airport operations across Europe. While backup procedures allowed flights to continue, the scale of delays and cancellations demonstrated the dependency of airports on centralized IT systems. The absence of automated baggage handling also contributed to longer turnaround times and limited operational flexibility.
The attack came amid heightened tensions between NATO and Russia, with recent reports of Russian military aircraft and drones entering airspace near Poland, Romania and Estonia. The timing of the cyberattack, following Collins Aerospace’s announcement of the NATO contract, has fueled speculation about possible geopolitical motives, though no evidence has been presented.
As of mid-day Sept. 22, full restoration of Collins Aerospace’s MUSE system had not yet been confirmed. ENISA and airport authorities urged passengers to allow additional time for check-in and to monitor airline communications for updates on flight schedules. Until system recovery is complete, travelers at Brussels, Berlin and London should expect ongoing delays and potential cancellations.
