A powerful cyberattack late on Friday paralyzed passenger services at major European airports, causing widespread delays and cancellations. According to BBC, the attack targeted the servers of Collins Aerospace, disrupting MUSE software used for check-in, boarding and baggage handling across airlines worldwide. Operations at London’s Heathrow, Brussels Airport and Berlin Brandenburg were significantly affected, with long queues forming over the weekend.
Widespread disruptions and ongoing investigations
Flight tracking service FlightAware reported hundreds of delays throughout Saturday as airports struggled to manage the fallout. The UK’s National Cyber Security Centre confirmed it is working with Collins Aerospace, British airports, the transport ministry and law enforcement to assess the full impact of the incident. The European Commission said it is closely monitoring the situation. The identity of the attackers remains unknown, but experts suspect ransomware aimed at data theft, though state-backed actors could also be involved.
Rising cyber risks to aviation sector
Cybersecurity experts point to a surge in ransomware activity targeting aviation. French defense firm Thales SA reported a 600% increase in ransomware incidents in 2025, affecting airlines, airports, navigation systems and related services. In Germany, a Bitkom study cited by Reuters estimated cyberattacks caused €300 billion in damages over the past year, with nearly half of identified intrusions traced to Russia and China. Analysts warn that such attacks highlight how one breach at a key IT provider can paralyze an entire sector.
Broader context and global vulnerabilities
The aviation sector has faced repeated digital shocks. In July, a faulty update from U.S. cybersecurity firm Crowdstrike triggered a global IT outage that halted flights across the United States. The latest attack underscores that airports and other critical infrastructure — from energy grids to financial systems — remain prime targets. Experts argue that proactive defense, international cooperation, and strict cybersecurity audits for suppliers are essential to reduce exposure. They stress that cyberattacks transcend borders, making cross-border information sharing and coordinated responses a global necessity.
