EU airport disruptions caused by ransomware attack on Collins Aerospace MUSE

Europe experienced a major disruption to its airports over the weekend, after hackers attacked biometric check-in and boarding systems provided by Collins Aerospace.

Heathrow Airport in London, Berlin Brandenburg Airport in Germany and Belgium’s Brussels Airport were among the facilities that experienced delays and cancellations as a result of the breach. According to the Associated Press, Brussels was hit hardest, asking airlines to cancel nearly 140 departing flights scheduled for Monday, because “Collins Aerospace is not yet able to deliver a new secure version of the check-in system.”

What has been confirmed as a ransomware attack has also had minor impacts on Dublin and Cork Airports in Ireland.

In other words, repercussions are ongoing. Perpetrators have not yet been identified, but possibilities include organized crime or state actors. (Ransomware is a popular tool for disrupting a target’s systems and demanding a ransom in bitcoin to reverse the damage.)

The attack targeted Collins’ ARINC cMUSE (Multi-User System Environment) common-use passenger processing system (CUPPS), which enables multiple airlines to share check-in desks and departure gates, rather than having to maintain dedicated infrastructure. It affected computer systems at check-in desks and baggage drops, but not self-service kiosks.

Collins Aerospace is a subsidiary of RTX Corp., which also owns major U.S. weapons contractor Raytheon. It provides biometric kiosks and facial recognition systems at e-gates at a variety of airports globally, including the SelfServ Common Use Self Service (CUSS) kiosk integrated with the biometric SelfPass solution, which is deployed at Heathrow. So far in 2025, Collins Aerospace has announced integrations at Ninoy Aquino International Airport (NAIA) in Manila, Philippines, and with Fiji Airports.

It has referred to the attack only as a “cyber-related disruption” and otherwise declined to comment.

The BBC reports that, as of Monday morning, the company is “in the final stages of completing updates to the system needed to restore full functionality.”

Per BankInfoSecurity, Collins Aerospace underwent a “putative ransomware attack by the BianLian ransomware operation in 2023,” which saw around 20 gigabytes of data stolen.

Cyberattacks in the aviation sector have increased by 600 percent over the past year, according to a recent report by Thales.

Article Topics

airport biometrics  |  Collins Aerospace  |  cybersecurity  |  passenger processing  |  ransomware