Overview of the Incident
A ransomware attack targeting a U.S.-based software provider, Collins Aerospace, caused significant disruptions to automated check-in systems at several major European airports over the weekend of September 20-21, 2025. The attack, which has been identified by the European Union Agency for Cybersecurity (ENISA), affected airports in London, Brussels, Berlin, and potentially others.
Affected Airports and Impact
The disruptions began on Friday evening and continued into the following week, causing dozens of flight cancellations and delays. Brussels Airport was particularly affected, with 25 outbound flights canceled on Saturday and 50 on Sunday. The airport requested airlines to cancel nearly 140 departing flights scheduled for Monday due to the ongoing issues with the check-in system.
Technical Details and Response
The attack disabled electronic check-in and boarding systems provided by Collins Aerospace, a subsidiary of RTX. This forced airline staff to resort to manual processes, including handwriting boarding passes. ENISA confirmed that the type of ransomware used in the attack has been identified and that law enforcement is involved in the investigation.
Passenger Experience and Airline Response
Passengers faced significant delays and cancellations, with many stranded at affected airports. Airlines and airport authorities worked to minimize disruptions and accommodate affected travelers. The incident highlighted the vulnerability of critical infrastructure to cyberattacks and the importance of robust cybersecurity measures.
Ongoing Investigation and Recovery
As of Monday, September 22, 2025, the investigation into the attack is ongoing, with ENISA and law enforcement agencies working to determine the origin and extent of the breach. Collins Aerospace and its parent company, RTX, are actively working to resolve the issue and restore full functionality to their systems.
Expert Insights
Conclusion and Implications
The ransomware attack on Collins Aerospace systems underscores the growing threat of cyberattacks to critical infrastructure, particularly in the aviation sector. The incident may have significant implications for the security and resilience of airport operations and the broader aviation industry.
Key Facts
- The attack occurred over the weekend of September 20-21, 2025.
- Multiple European airports were affected, including London Heathrow, Brussels, and Berlin.
- The attack targeted Collins Aerospace systems, used for check-in and boarding.
- Dozens of flights were canceled or delayed.
- The type of ransomware used has been identified.
- Law enforcement is involved in the investigation.
Future Developments
The ongoing investigation and recovery efforts will likely provide further insights into the attack and its implications for cybersecurity in the aviation sector.