In September 2025, Europe’s busiest airport, London Heathrow, became the focal point of a major cyber incident that rippled across the continent. What began as a technical glitch at check-in counters soon escalated into widespread disruption, grounding flights, stranding passengers, and exposing just how vulnerable global aviation is to digital threats.
The Chaos Begins
On the night of September 19–20, passengers arriving at Heathrow expected smooth check-ins. Instead, self-service kiosks and baggage drop systems went dark. Online check-in stalled. Lines began to stretch across terminals as staff scrambled to open manual desks.
But it wasn’t just Heathrow. Airports in Brussels, Berlin, and Dublin also reported similar disruptions. The common thread? A third-party provider that supplies essential check-in and boarding systems.
Collins Aerospace MUSE Platform
The disruption was traced back to the MUSE (Multi-User System Environment) platform, which is operated by Collins Aerospace, a subsidiary of RTX Corporation. This system supports the passenger processing operations at many major airports.
Collins confirmed that the issue was not a random outage but rather a cyber-related disruption that European cybersecurity authorities later identified as a ransomware attack.
What makes this incident particularly alarming is its supply chain nature. The attackers did not need to breach each airport individually; by targeting one widely used service provider, they were able to cause chaos across multiple hubs in Europe.
The EU Agency for Cybersecurity (ENISA) later confirmed that ransomware was the weapon of choice in this incident. However, it remains unresolved whether the perpetrators were criminal gangs or state-sponsored actors.