Cyberattack on Collins Aerospace Disrupts Operations at Major European Airports

Thousands Stranded as Check-In Systems Fail Across Continent as Cyberattack on Collins Aerospace Disrupts Operations at Major European Airports.

A sophisticated cyberattack targeting Collins Aerospace, a key provider of aviation technology and a subsidiary of RTX Corp, has thrown major European airports into chaos, causing widespread flight delays, cancellations, and passenger frustration on Saturday, September 20, 2025. Airports in London Heathrow, Brussels, Berlin Brandenburg, and others reported severe disruptions to electronic check-in and baggage handling systems, forcing manual operations and leading to hours-long queues.

Officials estimate thousands of travelers were affected, with the incident highlighting vulnerabilities in global aviation infrastructure amid rising cyber threats from state actors and criminal groups. As investigations unfold, RTX has confirmed the attack’s limited scope but warned of lingering impacts into Sunday, prompting calls for enhanced cybersecurity measures across the sector.

The breach, detected early Saturday morning, affected a cloud-based platform used for passenger processing, echoing past incidents like the 2021 SolarWinds hack but focused on aviation logistics.

No group has claimed responsibility, but experts speculate involvement from Russian-linked hackers or ransomware syndicates, given recent escalations in cyber warfare tied to the Ukraine conflict. European aviation authorities have activated contingency plans, but the event underscores the fragility of interconnected systems in an industry still recovering from pandemic-era disruptions.

The Attack Unfolds: Timeline of Disruptions Across Key Hubs

The cyber incident began around 6 a.m. CEST, when Collins Aerospace’s systems went offline, triggering alarms at multiple airports reliant on their software for check-in, boarding passes, and baggage tagging.

London’s Heathrow Airport, one of Europe’s busiest with over 80 million passengers annually, was among the hardest hit. By mid-morning, hundreds of flights faced delays of up to four hours, with several cancellations reported on routes to the U.S. and Asia.

Heathrow issued a statement advising passengers to arrive early and prepare for manual check-ins, citing the “cybersecurity incident” at their service provider.

In Brussels Airport, operations ground to a near halt, with electronic boards displaying error messages and staff resorting to handwritten boarding passes.

Berlin Brandenburg Airport, still plagued by operational teething issues since its 2020 opening, saw over 50 flights delayed, exacerbating weekend travel peaks. Other affected sites included Amsterdam Schiphol and Frankfurt, though to a lesser extent, as some airports switched to backup systems more swiftly.

RTX, Collins Aerospace’s parent company, acknowledged the attack in a midday update: “The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations.” By evening, partial recovery was reported, but full restoration is expected by Monday, with residual delays possible. The European Union Aviation Safety Agency (EASA) monitored the situation, urging airlines to communicate transparently with passengers entitled to compensation under EU regulations.

Passenger Stories: Chaos, Frustration, and Resilience on the Ground

Eyewitness accounts paint a picture of pandemonium. At Heathrow’s Terminal 5, British Airways passenger Sarah Thompson described “endless lines snaking through the hall” as staff manually verified documents. Families with young children and elderly travelers bore the brunt, with some missing connections and facing overnight stays. In Brussels, a group of American tourists bound for a European tour vented on social media: “Stuck for hours – no info, no apologies,” one X post read, garnering thousands of retweets.

Airlines like Lufthansa and Ryanair offered vouchers and rebookings, but the sheer volume overwhelmed resources. One positive note: Manual processes, while slower, prevented total shutdowns, a lesson from the 2017 NotPetya attack on Maersk that crippled global shipping.

Technical Breakdown: How the Cyberattack Exploited Aviation Vulnerabilities

Collins Aerospace provides integrated solutions for avionics, including the ARINC system used for passenger data exchange. The attack likely involved ransomware or a distributed denial-of-service (DDoS), encrypting or overwhelming servers hosted on cloud platforms like AWS or Azure. Cybersecurity firm CrowdStrike, in a preliminary analysis, suggested phishing or supply-chain compromise as entry points, similar to the 2024 MOVEit breach affecting British Airways.

Experts like Kevin Beaumont, a former Microsoft threat analyst, warned on X that aviation’s reliance on legacy systems makes it a prime target: “These disruptions are dress rehearsals for larger attacks.” The incident follows a pattern: In July 2025, a similar hack on U.S. airports via CrowdStrike updates caused global outages, costing billions.

No safety risks to flights were reported, as air traffic control remained unaffected, but the economic toll could reach millions in lost revenue and compensations.

Investigations and Attribution: Fingers Point to Geopolitical Motives

The U.K.’s National Cyber Security Centre (NCSC) and EU’s ENISA are leading probes, with FBI assistance due to RTX’s U.S. base. Early indicators suggest state-sponsored actors; Russian groups like APT28 (Fancy Bear) have targeted infrastructure before, amid tensions over Ukraine aid. Alternatively, ransomware gangs like LockBit could be seeking payouts.

RTX has not disclosed ransom demands, but sources indicate data exfiltration may have occurred, risking passenger privacy. European Commission President Ursula von der Leyen called for “swift attribution and response,” pledging funds for cyber resilience under the NIS2 Directive.

Broader Implications: Calls for Reform in Aviation Cybersecurity

This attack amplifies demands for robust defenses. The International Air Transport Association (IATA) urged mandatory cyber drills, while airlines lobby for government subsidies on upgrades. In the U.S., the FAA has accelerated quantum-resistant encryption pilots, a model Europe might adopt.

For passengers, it’s a reminder to check travel insurance and apps like FlightAware for updates. As one stranded traveler told PBS, “In 2025, how are we still vulnerable to this?” As systems recover, the incident serves as a wake-up call: In an interconnected world, cyber threats can ground even the skies.