Cyberattack on Collins Aerospace Throws European Airports Into Chaos

Travelers across Europe faced mass disruption over the weekend after a cyberattack on a key aviation technology provider crippled check-in and boarding systems at major hubs including Heathrow and Berlin. Airlines were forced to process passengers manually, causing widespread delays and cancellations.

Collins Aerospace, a Charlotte, NC-based company, confirmed what it described as a “cyber-related disruption” affecting its MUSE software, though at the time of reporting it had not provided full details. The European Union Agency for Cybersecurity (ENISA) later identified the incident as a ransomware attack. Internal memos from Heathrow suggested Collins’ attempts to relaunch systems failed because attackers still had access to the network.

A Familiar Pattern

The chaos echoed last year’s global outage linked to CrowdStrike, where a faulty software update shut down millions of devices across airlines, banks and emergency services, causing billions in losses. It also follows other recent disruptions in aviation, including outages at Alaska Airlines and an electrical fire that forced Heathrow to close for more than 16 hours in March.

The aviation industry is an attractive target for cybercriminals. A June report from French defense company Thales revealed a 600% spike in ransomware attacks against the sector in a single year. Earlier this year, Google and cybersecurity firm Palo Alto Networks warned that the hacking group known as “Scattered Spider” had focused its efforts on airlines.

High-Impact Targets

Cyber experts note that attackers go after industries where the pressure to pay is greatest. The more people affected, the higher the potential ransom demand. Ransomware has already wreaked havoc in other sectors, with British retailer Marks & Spencer losing an estimated £300 million ($403 million) in sales earlier this year after a cyber incident.

Systemic Weakness

The incident highlights the risks of overreliance on a handful of third-party providers. Just as the CrowdStrike-Microsoft outage exposed vulnerabilities in global cloud computing, the Collins attack revealed how dependent aviation is on centralized systems. With only a small number of vendors serving multiple airlines and airports, a single breach can ripple across the continent.

Building Resilience

Airlines have limited influence over the market structure but can invest in contingency planning. Experts suggest diversifying technology vendors, despite the added cost, to reduce exposure to single points of failure. Stronger incident response strategies are also essential, particularly as hackers increasingly use generative AI to expand the reach of phishing attacks.

Regulators are pushing for change. Europe’s new NIS2 directive requires companies in key sectors, including aviation, to report major cyber incidents within 24 hours and to adopt stricter cybersecurity standards. Whether that will drive long-term resilience remains to be seen.

For now, the industry’s response still appears largely reactive—scrambling to contain each crisis rather than investing in the systemic protections needed to withstand the next one.

Photo Credit: DepositPhotos.com