Cyberattacks Are Causing More Canceled Flights Around The World

If you experienced delays during your European flight this week, you are not alone, as airports across the continent were left scrambling after a cyberattack shut down critical check-in and boarding software. Europe's busiest airports were affected by the incident, including those in Berlin, Dublin, London, and Brussels. Hackers used one of the most common types of cyber attacks called ransomware, which prevents users from accessing critical files, systems, or networks until a ransom has been paid. The victim of the attack, American software developer Collins Aerospace, stated on Monday, September 22, 2025 (via the Guardian), that it is working with its four airport customers to resolve the issue. 

Unfortunately, the incident is the latest in a string of attacks targeting the global aviation sector. Such incidents are part of a broader trend in which ransomware hackers are targeting higher-profile victims and employing more sophisticated tactics. As ransomware attacks continue to evolve, a greater onus is being placed on both the private and public sectors to buttress themselves against potential risks. Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos, told Reuters that the incident revealed "the fragile and interdependent nature of the digital ecosystem underpinning air travel."

The attack, which occurred on Friday, September 19, 2025, targeted Collins Aerospace's MUSE software, a popular passenger processing system deployed to roughly 100 airports and 300 airlines globally. According to Collins' parent company, defense and aerospace firm RTX, only electronic check-in and baggage drop systems were impacted by the security breach. While the company worked to restore functionality to the affected programs, staff at Brussels Airport, Berlin-Brandenburg, Dublin, and London Heathrow were encouraged to manually check in passengers.

While some systems were gradually brought back online over the weekend, flights continued to experience delays and cancellations. At Brussels airport, for instance, 63 of its arriving and departing Monday flights were cancelled. Berlin-Brandenburg, which experienced heavier airline traffic due to the Berlin Marathon, reported delays, although the airport spokesman stated (via the New York Times) that operations were "largely stable."

While law enforcement has identified the type of ransomware used in the attacks, the identity of the perpetrators is still unknown. Investigators have not ruled out the role of state-sponsored hackers in the attack. However, sophisticated private hacking groups are just as likely since ransomware attacks are commonly used by cybercriminals to extract large sums from victims.

The attack on Collins Aerospace reflects a growing issue in the cybersecurity world, in which cybercriminals increasingly target high-profile victims with disruptive ransomware attacks. The aerospace industry, in particular, has become a popular victim, with French aerospace company Thales reporting that cyberattacks on the aviation sector have increased sixfold since 2024. In December 2024, for instance, Japan Airlines was forced to delay flights after a cyberattack shut down one of its routers, forcing the carrier to delay flights and temporarily shut down ticket sales. 

The vulnerability of the global air travel to cyberattacks is nothing new, however, as the FBI warned that airlines would be a likely target for hackers following the high-profile Scattered Spider attacks on U.S. and U.K. retail sectors in July 2025. According to the warning, third-party IT providers — like Collins Aerospace — would be a likely entry point for hackers. At the time of the announcement, Hawaiian Airlines, WestJet, and Qantas had already been impacted by the scheme. Collins, for its part, has been cited by breach-tracking websites as previously experiencing a ransom attack in 2023, although the company has yet to confirm the allegations.

The airline industry isn't alone in the threat, as ransomware attacks continue to grow. Forbes reported that Semperis' 2024 Ransomware Risk Report found that 83% of IT professionals reported being the target of ransomware attacks, costing roughly $124 billion for U.S. businesses alone. For most observers, high-profile incidents like those orchestrated against Collins underscore the need for governments, businesses, and private citizens to protect themselves in an increasingly complex, hostile cybersecurity environment.