Cyberattack Disrupts Major European Airports, Causing Widespread Flight Chaos Between 4 and 6 April, a sophisticated cyberattack targeted a shared IT platform used by airlines and airports across Europe, triggering cascading disruptions at key hubs. The incident paralyzed critical systems including check-in, baggage handling, and boarding at Heathrow, Charles de Gaulle, Frankfurt, and Copenhagen airports, forcing staff to revert to manual processes. The fallout was severe: over 1,600 flights were canceled or delayed on 6 April alone, with airlines activating emergency rosters and passengers advised to arrive early with printed itineraries. While Prague’s Václav Havel Airport was not directly affected, knock-on effects caused delays for several flights on Easter Monday and Tuesday as aircraft and crews were mispositioned. The attack exposed vulnerabilities in aviation’s digital infrastructure, prompting discussions on supply-chain resilience and duty-of-care obligations for businesses. Travel management firms in Prague have since updated contingency plans, recommending flexible bookings, digital visa backups, and buffer days for high-stakes travel. Cybersecurity analysts warn the incident may accelerate EU efforts to include aviation under the Critical Entities Resilience Directive, pushing airports to invest in network segmentation and offline backups. Prague Airport, which already has redundancy plans in its digital transformation strategy, is expected to prioritize these upgrades in response to the disruption.

The Everest ransomware gang claimed responsibility for a cyberattack on Collins Aerospace, a critical subsidiary of RTX (Raytheon Technologies), disrupting operations at major European airports, including Heathrow (London), Brussels, and Berlin. The attack targeted Muse software, crippling check-in and boarding systems, leading to flight delays, cancellations, and forced manual operations. Collins Aerospace is a key provider of avionics, mission systems, and defense technologies for commercial, military, and space applications, making it a high-value target in the global aerospace and defense supply chain. The breach raised concerns over potential access to classified or sensitive data, threatening national security, defense readiness, and critical infrastructure integrity. The Everest group’s leak site briefly vanished post-claim, fueling speculation of law enforcement intervention, panic, or strategic retreat due to the target’s sensitivity. The incident underscores the evolving ransomware threat, where attacks transcend financial extortion to geopolitical disruption, eroding trust in essential aviation and defense systems. The cascading impact on airport operations and military supply chains highlights vulnerabilities in interconnected critical infrastructure, demanding enhanced cross-sector cybersecurity collaboration to mitigate future risks.

A cyber attack on Collins Aerospace’s Muse software platform—used for flight check-ins, baggage handling, and boarding coordination—disrupted operations at major European airports, including Heathrow (UK), Berlin (Germany), and Brussels (Belgium). The attack forced airlines to manually process passengers, leading to flight cancellations, delays, and stranded travelers. While Collins confirmed the breach, no details were disclosed regarding the attacker’s identity, motive, or potential customer data compromise. The incident follows geopolitical tensions, with suspicions pointing toward state-backed Russian hackers targeting European infrastructure. Delhi and Bengaluru airports (India), which also use Muse, remained unaffected but are monitoring the situation. The attack highlights vulnerabilities in critical aviation software monopolies, where redundancies are limited, and disruptions cascade globally.

A cyber attack disrupted critical check-in and boarding systems at Heathrow Airport, leading to operational chaos. Around 70 flights were cancelled on Saturday morning, while dozens more faced delays of up to three hours. The outage forced staff to revert to manual check-in and boarding procedures, significantly slowing down passenger processing. The incident also impacted Brussels and Berlin airports, suggesting the breach targeted a shared third-party service provider responsible for automated airport systems. Travel expert Simon Calder warned of potential 'widespread cancellations' due to the ongoing disruption. The attack caused financial losses (refunds, compensations, operational costs), reputational damage (passenger frustration, media coverage), and logistical strain (staff overtime, rescheduling). While no data breach was explicitly reported, the operational halt and cascading delays across multiple airports highlight severe vulnerabilities in aviation infrastructure. The incident underscores risks tied to supply chain cyber attacks, where a single compromised vendor can paralyze major hubs.

Brussels Airport experienced a cyberattack on Friday evening that crippled its passenger and baggage check-in systems, forcing manual processing and causing significant operational disruptions. The attack, which also affected other European airports, targeted a third-party service provider’s systems. As of Saturday, nine flights were cancelled, and 15 departed with delays, with no immediate resolution expected. Passengers were advised to confirm flight statuses before arriving, as the outage led to processing bottlenecks and potential further cancellations. An investigation is underway to assess the full extent of the damage, but the incident has already resulted in financial losses (e.g., compensation, operational costs), reputational harm due to publicized delays, and potential long-term trust erosion among travelers and partners. The attack disrupted critical infrastructure, highlighting vulnerabilities in supply chain cybersecurity and the cascading effects of third-party breaches on large-scale operations.

Ransomware Attack Disrupts Check-In Systems at Major European Airports A ransomware attack targeting Collins Aerospace, a key supplier of automated check-in systems, caused widespread disruptions at several of Europe’s busiest airports on February 10–12, 2026. The incident, confirmed by the EU’s cybersecurity agency (ENISA), locked critical data and forced airports to revert to manual processes, leading to flight cancellations and delays. Affected Airports and Impact - Brussels Airport reported 29 cancellations and only 42% of flights departing on time, with staff using iPads and laptops for manual check-ins. - London Heathrow, Europe’s busiest airport, implemented contingency measures as airlines struggled with system outages. - Berlin Airport, already strained by high passenger volumes due to the Berlin Marathon, faced delays exceeding one hour for departures. - Dublin Airport experienced minimal impact, relying on manual boarding procedures, including handwritten passes. Scope and Response Collins Aerospace, owned by RTX, stated it was working with affected airports to restore full functionality, with updates nearing completion. ENISA confirmed law enforcement involvement but did not disclose the attack’s origin. Sophos threat intelligence director Rafe Pilling noted that while high-profile ransomware attacks are more visible, they are not necessarily increasing in frequency though their disruptive potential remains a growing concern for critical infrastructure. Broader Context The incident underscores the vulnerability of aviation systems to cyber threats. A recent Bitkom survey found ransomware as the most common cyberattack against German companies, with one in seven paying ransoms. Despite the disruption, analysts emphasize that large-scale attacks with physical-world consequences remain rare.

Collins Aerospace, a critical supplier in the aerospace and defense industry, fell victim to a ransomware attack that disrupted European airports by targeting its digital supply chain dependencies. The incident, highlighted in ENISA’s Threat Landscape 2025 report, exemplifies how cyber-attacks on high-value vendors can cascade into broader operational failures. While specific details on data compromise were not disclosed, the attack caused significant service outages, delaying flights and grounding operations across multiple airports reliant on Collins’ systems. The disruption underscored vulnerabilities in interconnected OT (operational technology) and supply chain networks, where a single breach can paralyze downstream services. ENISA warned that such attacks exploit critical dependency points, amplifying impact beyond the initial target. The incident aligns with a rising trend of threat actors leveraging ransomware to cripple essential infrastructure, with financial and reputational fallout extending to airlines, passengers, and regulatory bodies. No direct mention of data theft was made, but the operational halt suggests severe financial losses, reputational damage, and potential regulatory scrutiny for failing to secure supply chain resilience.

A cyber-attack disrupted Collins Aerospace’s Muse software, which manages electronic check-in and baggage systems for multiple airlines across European airports, including Heathrow, Brussels, and Berlin. The outage forced manual check-ins, causing multi-hour delays, missed connections, and operational chaos. While British Airways used a backup system, most airlines at Heathrow were severely affected, with passengers stranded in long queues, luggage tagging done manually, and boarding passes failing at gates. Brussels Airport faced flight cancellations and schedule reductions (50% capacity), while Dublin and Cork experienced minor delays. The incident disrupted thousands of travelers, including elderly and mobility-impaired passengers who missed critical flights (e.g., funerals, medical connections). Though no data breach or ransomware was reported, the attack exposed vulnerabilities in shared aviation infrastructure, echoing prior global IT failures (e.g., CrowdStrike 2024). Authorities, including the UK’s National Cyber Security Centre and the European Commission, intervened to mitigate fallout, but recovery extended into Sunday. The financial and reputational damage included operational costs, passenger compensation, and erosion of trust in digital airport systems.

European Airports Hit by Major Ransomware Attack, Stranding Thousands A weekend cyberattack disrupted check-in and boarding systems at multiple major European airports on September 20, 2025, causing widespread flight delays and cancellations. The incident, which affected Heathrow Airport Terminal 4 and other locations, left thousands of passengers stranded as airlines struggled with manual processing. The attack targeted Collins Aerospace, a subsidiary of RTX, though no ransomware group has yet claimed responsibility. Cybersecurity experts noted that while most ransomware operations focus on financial extortion, a growing subset of attackers particularly Western-based groups are pursuing high-profile targets for reputational clout within criminal networks. Rafe Pilling, Director of Threat Intelligence at Sophos, warned that these "outliers" are becoming more ambitious, prioritizing disruption over purely monetary gains. The European Union Agency for Cybersecurity (ENISA) confirmed the breach on September 22, highlighting the increasing boldness of cybercriminals. Martyn Thomas, Emeritus Professor of IT at Gresham College, cautioned that such attacks could escalate to critical infrastructure or healthcare systems, risking physical harm if motivations shift. The incident follows a pattern of rising high-impact ransomware attacks, including a 2024 breach of London’s Transport for London (TfL), which the UK National Crime Agency (NCA) attributed to the Scattered Spider group. That attack, linked to two teenagers, caused millions in losses and demonstrated the growing threat posed by organized cybercriminal networks. While the exact perpetrators of the airport hack remain unidentified, the event underscores the escalating risks of ransomware as attackers expand their targets and tactics.

A cyber-attack disrupted Collins Aerospace’s MUSE (Multi-User System Environment) passenger handling software, crippling check-in and boarding systems at major European airports, including Heathrow (London), Brussels, and Berlin. The attack forced airports to revert to manual check-in and baggage processing, causing hundreds of flight delays and cancellations, long passenger queues, and operational chaos. Passengers reported waiting up to three hours just to check in, leading to missed connections, heated confrontations, and widespread frustration. The incident highlighted vulnerabilities in the interdependent digital infrastructure of air travel, with prior reports suggesting Collins Aerospace had been targeted by ransomware-seeking hackers in 2023. While the company worked to restore systems, the disruption had cascading effects on travel logistics, airline reputations, and passenger trust, with some travelers stranded or forced to rebook flights. Authorities, including the UK government and European Commission, investigated potential state-sponsored involvement (e.g., Russia), though no definitive attribution was confirmed at the time.