Sep 23, 2025 00:25:00

The EU cybersecurity agency announced that the reason for the frequent delays and cancellations at several European airports was a ransomware attack by a third party

The European Union's (EU) cybersecurity agency

, the European Agency for Network and Information Security (ENISA) , has announced that a series of delays and cancellations at European airports that began over the weekend of September 3, 2025, was caused by a ransomware attack.

EU agency confirms ransomware attack behind airport disruptions | Reuters
https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/

EU cyber agency confirms ransomware attack causing airport disruptions | TechCrunch
https://techcrunch.com/2025/09/22/eu-cyber-agency-confirms-ransomware-attack-causing-airport-disruptions/

Over the weekend of the third week of September 2025, numerous flight delays and cancellations occurred at London Heathrow Airport in the UK, Berlin Airport in Germany, and Brussels International Airport in Belgium. It was revealed that Collins Aerospace, which provides the check-in system used by airlines, was the victim of some kind of cyberattack. However, the details of the cyberattack remain unknown.

Hundreds of thousands of passengers at airports including Heathrow and Berlin faced flight delays and cancellations due to a cyber attack on check-in system vendor Collins Aerospace - GIGAZINE

When TechCrunch contacted ENISA, they said, 'ENISA is aware of the ongoing disruption to airport operations caused by a third-party ransomware attack. At this time, ENISA is unable to share further details about the cyberattack.'

The ransomware attack targeted Collins Aerospace, which provides check-in systems for several airports, including Berlin Airport, Brussels International Airport, and London Heathrow Airport. ENISA said it is working with the affected airports to restore services.

Collins Aerospace has already revealed that it has been the victim of a cyber attack, and that the attack targeted MUSE, the passenger processing system used by the company for electronic customer check-in and baggage drop-off.

TechCrunch has reached out to Collins Aerospace for comment, but has not received a response at the time of writing. Therefore, it is unclear at the time of writing what group or individual is behind this cyber attack.

Leif Pilling, director of threat intelligence at British cybersecurity company Sophos, said that while there has been an increase in ransomware attacks targeting celebrities to gain attention, there has been no increase in the frequency of cyberattacks targeting public transport systems or businesses like this one.

'Destructive attacks are becoming more visible in Europe, but visibility does not necessarily equate to frequency,' Pilling told Reuters. 'Truly large-scale, destructive cyber attacks with real-world repercussions remain the exception rather than the rule.'

According to an independent survey of approximately 1,000 companies conducted by

Bitkom , a German industry association for the digital media industry, ransomware attacks have become the most common form of cyber-attack, with one in seven companies having been hit by ransomware and having to pay a ransom.

Collins Aerospace announced that it was in the final stages of recovering from the cyberattack on September 22, 2025. The Berlin Marathon was held in Berlin, Germany, on September 21, so Berlin Airport on September 22 was busier than usual. However, due to the ransomware attack, the check-in system had not yet been restored, and some flights were delayed by more than an hour, Reuters reported.