Particle.news
Download on the App Store
18 ARTICLES
·
2h ago

ENISA Confirms Ransomware Behind Europe Airport Check-In Disruptions as Recovery Continues

Officials say dependence on Collins Aerospace’s shared check-in platform left multiple hubs vulnerable to cascading disruption.

Image
Image
A view of cancelled and delayed flight information displayed at a flight information board as technical issue causes by a cyberattack on a third-party system provider led to congestion in Heathrow Airport, in London, United Kingdom on September 20, 2025.

Overview

  • ENISA said a ransomware attack on a third-party provider caused the outages and confirmed law enforcement is investigating, with no group publicly claiming responsibility.
  • Collins Aerospace’s MUSE/ARINC SelfServ cMUSE software that powers check-in, boarding and baggage drop was targeted, forcing airports to switch to manual procedures.
  • Heathrow reported the vast majority of flights operating with some longer processing times, while Berlin continued to see delays and manual check-in.
  • Brussels Airport used iPads and laptops for check-in and said about 60 of roughly 550 flights on Monday were canceled as restoration work progressed.
  • Collins, owned by RTX, said it is in the final stages of software updates to restore services, as a BBC-reported Heathrow memo warned more than 1,000 computers may be corrupted and suggested intruders persisted in rebuilt systems.