A cyberattack affected the operation of check-in systems at several European airports. Passengers faced dozens of canceled and delayed flights. The situation may deteriorate further at a minimum of one major airport.
Hackers attacked Collins Aerospace, whose self-service kiosks (ARINC SelfServ vMUSE) passengers used to check in, drop bags, and print boarding passes for their flights. Over the weekend, the U.S. company reported a “cyberattack-related outage” that caused software issues at “select airports across Europe.”
As a result, starting on Friday, September 19, 2025, the airports of Berlin, Brussels, and London experienced disruptions in electronic systems that paralyzed check-in and forced airline staff to seek alternatives (for example, filling out boarding passes by hand or using additional laptops). The scale of the impact varied, as the situation depended on how many vMUSE devices were installed at a given airport.
For example, Brussels Airport, which was hit the hardest, reported that it asked airlines to cancel about 140 flights scheduled for Monday, as the U.S. software provider affected by the attack “is not yet able to provide a new secure version of the check-in system.” The airport said that 25 flights were canceled on Saturday and another 50 on Sunday.
Also, according to Flightradar24, at Heathrow Airport, 90% of 350 flights were delayed by 15 minutes or more, and six were canceled on Sunday. The average delay was 34 minutes. On Saturday, another 13 flights were canceled, and the vast majority were delayed.
At the same time, the European Commission emphasizes that flight safety and air traffic management were not affected by the attack.
It is not yet clear who might be behind this attack. Cybersecurity experts believe it could be hacktivists or “state-sponsored” hackers.