A cyberattack on Collins Aerospace’s MUSE software has caused widespread delays and cancellations at Heathrow and major European airports, exposing vulnerabilities in digital infrastructure and prompting urgent calls for enhanced cybersecurity measures in the aviation sector.
Heathrow Airport, alongside several major European airports, experienced significant flight delays and cancellations following a cyberattack on September 19, 2025, which disrupted electronic check-in and baggage handling systems. The attack targeted the MUSE software provided by Collins Aerospace, a system used by multiple airlines to facilitate shared check-in desks and boarding gates. According to the airport’s initial communication, the disruption was described as a “technical issue,” but further details revealed its cyber-related nature, prompting operational adjustments including manual check-in and boarding processes to mitigate passenger impact.
Brussels Airport reported some of the most severe consequences, cancelling nine flights and advising airlines to reduce departing flights by half between September 20 and September 22 to manage ongoing system issues. Passengers faced long queues and extended wait times as baggage tagging and check-in procedures reverted to manual methods. In contrast, Heathrow’s operations were reported to be less severely affected, with British Airways utilising backup systems to maintain service continuity, though most other airlines at the airport experienced disruptions. Berlin’s Brandenburg Airport also noted delays and longer waiting times due to the system outage.
The parent company of Collins Aerospace, RTX, acknowledged the cyber disruption and confirmed efforts to resolve the issue as swiftly as possible. They emphasised the impact was limited to electronic check-in and baggage drop-off systems, which could be alleviated through manual operations. Industry observers point to the attack exposing vulnerabilities in the aviation sector’s reliance on third-party digital infrastructure. Travel journalist Simon Calder told the BBC that disruptions at interconnected hubs like Heathrow could have cascading effects, affecting flight connections and the broader network.
Passengers conveyed the frustration caused by the delays and operational uncertainty. For instance, some reported lengthy queues exceeding two hours, with passengers being checked in manually over the phone, only to face boarding pass scanning issues at gates. Accessibility challenges were also highlighted, such as a passenger unable to secure necessary mobility assistance due to system outages.
Cybersecurity experts have speculated on the nature of the attack, with some suggesting it might be a ransomware incident—though the origin remains unclear. While there have been unfounded allegations linking the breach to Kremlin-sponsored hackers, the consensus among analysts is that recent cyberattacks on critical infrastructure are more commonly perpetrated by financially motivated criminal groups operating globally. Many known hacking groups are based in Russia or former Soviet states, though arrests worldwide suggest a diverse geography of cybercriminal activity, including actors from the UK and the US.
This incident follows other notable technological disruptions impacting UK airports in recent years, including border control system outages in 2024 that caused passport processing delays but were not attributed to cyberattacks. The recurring technological vulnerabilities and coordination complexities underline the importance of robust and resilient systems within the aviation industry to safeguard operational integrity and passenger experience against evolving cyber threats.
Heathrow has deployed additional staff to support check-in areas and advised passengers to verify flight statuses with their airlines before travelling, aiming to ease the disruption during this period. Transport Secretary Heidi Alexander confirmed government monitoring of the situation and efforts to receive regular updates on the unfolding event.
The broader European aviation network continues to manage the fallout from the cyberattack, underscoring the critical need for enhanced cybersecurity measures across the sector to prevent future incidents that can severely disrupt air travel and airport operations.
📌 Reference Map:
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
8
Notes:
The narrative is based on a press release from CediRates, dated September 20, 2025, reporting on a cyber-attack affecting Heathrow and other European airports. The earliest known publication date of substantially similar content is September 20, 2025, with coverage by reputable outlets such as AP News and Reuters. The report includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. The narrative has been republished across various platforms, including low-quality sites and clickbait networks. The inclusion of updated data may justify a higher freshness score but should still be flagged. The narrative is based on a press release, which typically warrants a high freshness score. No discrepancies in figures, dates, or quotes were identified.
Quotes check
Score:
7
Notes:
The narrative includes direct quotes from various sources. The earliest known usage of these quotes is from the press release dated September 20, 2025. No identical quotes appear in earlier material, indicating potential originality. However, the wording of some quotes varies slightly across different reports, suggesting possible paraphrasing. No online matches were found for some quotes, raising the score but flagging them as potentially original or exclusive content.
Source reliability
Score:
6
Notes:
The narrative originates from CediRates, a source that is not widely recognised and lacks verifiable information. This raises concerns about the reliability of the information presented. The report mentions entities such as Collins Aerospace and RTX, which are verifiable and reputable organisations. However, the lack of a verifiable source for the narrative itself is a significant concern.
Plausability check
Score:
8
Notes:
The narrative describes a cyber-attack affecting Heathrow and other European airports, leading to flight delays and cancellations. This aligns with reports from reputable outlets such as AP News and Reuters, confirming the plausibility of the claims. The narrative includes specific details, such as the involvement of Collins Aerospace’s MUSE software and the response from RTX, which are consistent with other reports. The language and tone are consistent with typical corporate communications, and the structure is focused on the claim without excessive or off-topic detail. No inconsistencies or suspicious elements were identified.
Overall assessment
Verdict (FAIL, OPEN, PASS): OPEN
Confidence (LOW, MEDIUM, HIGH): MEDIUM
Summary:
The narrative reports on a cyber-attack affecting Heathrow and other European airports, leading to flight delays and cancellations. While the content is based on a press release, which typically warrants a high freshness score, the source’s reliability is questionable due to the lack of verifiable information about CediRates. The quotes appear original, and the claims are plausible, aligning with reports from reputable outlets. However, the overall assessment is ‘OPEN’ with a ‘MEDIUM’ confidence rating due to concerns about the source’s reliability.
Supercharge Your Content Strategy
Feel free to test this content on your social media sites to see whether it works for your community.
