When a cyberattack hits an airport, the ripple effects are immediate. Thousands of passengers stranded, airlines scrambling, and national infrastructure tested. That is exactly what Europe witnessed on September 19, 2025, when a disruption at a key service provider knocked out check-in and boarding systems at multiple airports.
At the center is Collins Aerospace, a global provider of passenger-processing systems. Its MUSE software runs critical functions like check-in, baggage tagging, and boarding pass issuance at airports worldwide. When it went down, Brussels Airport, Berlin Brandenburg Airport, and London Heathrow were among the hardest hit. Cybersecurity agencies in Germany and the UK are now investigating.
The attack disrupted electronic check-in and baggage handling, forcing airports to fall back on manual processes. For travelers, that meant standing in long lines, waiting for paper boarding passes, and watching flights slip off schedule. What looks like a small IT outage on paper quickly became an operational choke point for tens of thousands of people.
The disruption began on Friday night, September 19, 2025, and carried into Saturday, September 20. Brussels reported nine cancellations, four diversions, and at least 15 serious delays by the next morning. Other airports braced for ripple effects as the weekend travel rush intensified.
The impact was most visible at Brussels, where 35,000 passengers were expected to depart on Saturday alone. Berlin Brandenburg saw long check-in queues but avoided outright cancellations. Heathrow, Europe’s busiest hub, reported “minimal” disruption thanks to backup systems used by some airlines. Still, the sight of manual check-ins at one of the world’s most advanced airports underscored the severity of the issue.
This incident was not about one airline or one country. It was about concentration risk. When multiple airports across Europe depend on the same vendor, a single compromise becomes a continental problem. Manual fallback options can soften the blow, but they cannot scale to modern passenger volumes. This is why attackers see such third-party service providers as high-value targets.
The lesson is clear: resilience is not just about defending your own perimeter. It is about knowing and testing the security of your partners and providers.
To move forward, airports and airlines must:
Cyberattacks like this prove that supply chain risk is no longer a theory. Threat actors know that hitting one vendor can create chaos across borders and industries. With ThreatMon’s supply chain intelligence, organizations can monitor vendor exposure, detect early warning signals, and protect themselves before a disruption becomes a crisis.
More posts
Share this article
Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
Subscribe to our blog newsletter to follow the latest posts
