Collins Aerospace/European airport systems hit by ransomware

A ransomware attack targeting Collins Aerospace’s vMUSE check-in and boarding software in September created widespread disruption at several major European airports, including London Heathrow, Brussels, Berlin Brandenburg, and Dublin. The assault began late Friday and rendered automated check-in kiosks and bag-drop systems inoperable, forcing airline staff to revert to manual paper-based processes. This rapid shift caused severe delays, extensive queues, and hundreds of flight cancellations, with Brussels Airport alone cancelling nearly 140 flights in a single day. The disruption continued throughout the weekend, with impacts lingering into the following week as airports struggled to recover.​
The source of the incident was later confirmed by the EU cybersecurity agency ENISA as a third-party ransomware attack, demonstrating a significant vulnerability in the aviation industry’s reliance on single software vendors for critical operations. National cybersecurity agencies and law enforcement were quick to get involved, highlighting the event’s seriousness.​
For the airline industry and security operations teams, the attack was a wake-up call. It showcased how third-party vendors can become single points of catastrophic failure and illustrated the potential for severe operational disruption not just data theft resulting from supply-chain attacks. The incident resulted in tangible business losses running into the low eight figures in just a few days, excluding further reputational harm and knock on effects. The attack underscored the urgent need for robust vendor risk management and supply chain cybersecurity practices across all critical sectors.