European airports hit by cyberattack: what the Collins Aerospace outage means for travelers, airlines, and everyday life

What actually happened

On Saturday, September 20, 2025, a cyberattack knocked out parts of Collins Aerospace’s MUSE check‑in and baggage-drop software, disrupting operations at major European hubs including London Heathrow, Brussels, and Berlin. Airports fell back to manual check‑in, and schedules frayed: delays piled up and some flights were cancelled as crews printed boarding passes old‑school and tagged luggage by hand. Collins’ parent, RTX, said the issue was “cyber‑related,” affected select airports, and could be mitigated with manual processes while they worked on a fix. Brussels warned the knock‑on effect would carry into Sunday, cancelling roughly half of departures to reset the operation.

Why this matters beyond a long airport line

This wasn’t an airline outage or a single airport’s bad day—it was a third‑party tech failure rippling across multiple independent systems. In modern aviation, a handful of vendors run the digital plumbing: check‑in, bag drops, gate readers. When one of those pipes bursts, everyone downstream gets wet. The European Commission said safety and air traffic control were unaffected and there’s no sign of a “widespread or severe” attack, but even a localized incident can scramble thousands of trips, crew rotations, catering schedules, and aircraft maintenance slots. That’s why one airport cancelling half of the next day’s flights can actually be the fastest way to get the network back on time.

The human angle (and a dash of comic relief)

For passengers, the experience was part time‑travel, part patience test. Self‑service kiosks were down, so agents became speed typists, and travelers rediscovered ancient rituals like “arrive early” and “line up nicely.” It’s a reminder that the tech we barely notice—bag tag printers, barcode readers, boarding gate scanners—is the silent hero of smooth trips. When it blinks, the whole symphony misses a beat. Think of it like an orchestra where the triangle player stops; you wouldn’t expect chaos—until you realize the triangle secretly keeps time for everyone.

How this connects to other recent news

Europe has seen a string of high‑impact cyber incidents in critical industries this year. Earlier this month, a major cyberattack crippled Jaguar Land Rover’s production systems, with knock‑on risks for a vast supplier base—very different sector, same lesson: one compromised system can stall an entire enterprise and its partners. Aviation’s outage underscores that supply‑chain cyber risk is now a board‑level issue everywhere, not just a problem for IT.

What’s likely going on under the hood

Investigators haven’t publicly confirmed the culprit or technique. Given what’s visible—targeted disruption to a multi‑user, multi‑airport software platform—two usual suspects are ransomware (encrypt or corrupt key services) or a compromise of credentials/configuration that forces systems offline. The fact that manual workarounds kept flights moving suggests the attack hit the check‑in/ground side rather than air traffic or navigation systems, which are more segregated and regulated. In other words, the “front door” for passengers jammed, but the “high‑security vault” for aircraft remained locked and operational.

What this means for you (and your next trip)

• Build buffer time: Until systems fully stabilize, expect occasional queues as airports clear backlogs. Check airline apps for rebooking options before joining a counter line.
• Go hybrid: If online check‑in works, complete it and bring a digital and paper copy of your boarding pass; it speeds manual processing when kiosks are down.
• Pack light and label well: Tag bags clearly and keep essentials in carry‑on. When automation stumbles, tidy bags and readable labels help ground staff move faster.

Fresh perspectives and where this could lead

Incidents like this will push airlines and airports to de‑risk vendor concentration and invest in graceful degradation: designing processes that stay functional when a single service fails. Expect to see:

• More redundancy: Parallel check‑in systems from different providers, offline‑capable mobile tools for staff, and pre‑printed fallback barcodes for boarding.
• Sector‑wide drills: Just as airlines practice snow‑day playbooks, you’ll see standardized “cyber‑day” procedures to recover schedules quickly.
• Clearer transparency: Passengers will get more proactive alerts as airports adopt obligations to disclose third‑party incidents faster.

For the broader economy, this is part of a trend: digital interdependence amplifies small failures into big headaches. It’s not all doom and gloom—each disruption is also a forcing function to harden infrastructure. If operators learn the right lessons here—more segmentation, stronger identity controls, resilient-by-design systems—the next “big outage” might feel like a minor inconvenience rather than a travel meltdown.

The bottom line

Yesterday’s cyberattack shows how a single software layer can tug on Europe’s entire travel sweater. The good news: safety wasn’t compromised, manual backups worked, and the recovery is underway. The challenge now is turning a rough weekend into smarter systems—so your next airport story is about the vacation, not the queue.