An “incident” affecting check-in and bag-drop services provided by Collins Aerospace has continued to affect passenger services at three major European airports on Monday.
The exact nature of the issue, which struck on Saturday 20 September, has not been made public. Delays and flight cancellations have been confirmed at London Heathrow, Brussels (Zaventem) Airport, and Berlin.
Although the systems provider Collins and its parent company RTX have not confirmed exactly what happened to its check-in operations at the airports, it is widely understood that a form of cyberattack has taken some systems, including the MUSE software, offline. The UK’s National Cyber Security Centre confirmed it was “working” on what it described as an “incident”.
“We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident,” it said.
On Monday, the European Union’s cyber security agency ENISA told news agency Reuters it had confirmed a ransomware attack was responsible for the problems.
“The type of ransomware has been identified. Law enforcement is involved to investigate,” it said.
In a public statement, Brussels Airport referred directly to a “cyberattack,” but stopped short of attributing blame.
“Following a cyberattack on the American company Collins Aerospace, the external provider of check-in and boarding systems, there are disruptions to check-in operations at several European airports, including Brussels Airport,” the statement read.
“The service provider is actively working on the issue and trying to resolve the problem as quickly as possible. At the moment it is still unclear when the issue will be resolved,” the airport added.
Meanwhile, management at Berlin Brandenburg Airport referred to a “technical malfunction” in its statement downplaying the incident and its effects. According to a statement on Sunday, the operations at BER were “calm and smooth” despite ongoing disruption and flight cancellations.
Ted Cowell, head of cybersecurity at S-RM, said it would be hard to identify the attacks quickly due to a difficult “threat landscape”.
“These attacks don’t always rely on exploiting technical or software vulnerabilities to gain a foothold in victims’ IT environments – they’re often highly persuasive social engineering campaigns that weaponise publicly available information to impersonate internal staff.
“The threat landscape has become increasingly fractured. S-RM’s latest report found our incident response team encountered 53 separate threat actors in 2024 – almost double the number seen in 2023,” he told Airport Technology.
According to the latest Cirium data, 217 flights have been cancelled across the three affected airports since Saturday (including both arrivals and departures).
