Hackers attack Europe’s automatic flight check-in systems — flight delayed and cancelled after Collins cyberattack

A cyberattack on Collins Aerospace brought parts of Europe’s airport infrastructure to its knees this weekend, after a backend outage hit the company's cloud-based check-in system and knocked out self-service kiosks across multiple major hubs. The software in question — Collins’ common-use MUSE platform — powers many airports’ passenger processing stacks, allowing airlines to share check-in desks, kiosks, and boarding infrastructure through a single backend. On Saturday, that single point of failure failed.

We're going manual

Heathrow, Berlin Brandenburg, and Brussels Zaventem were among the major airports affected, with Brussels cancelling 45 out of 257 departing flights and warning passengers of delays up to 90 minutes. Heathrow said most flights were still running but slowed by manual fallback procedures, while Berlin suspended kiosk access altogether and shifted to direct airline processing.

Collins confirmed that the disruption was the result of a “cyber-related incident,” but has not disclosed the type of attack. What is clear is that the cMUSE outage exposed just how fragile Europe’s airport IT stack has become. Designed to be flexible and scalable, cMUSE can be hosted in the cloud or deployed on-prem, but many airports rely on the cloud variant, which centralizes passenger data and logic for easier airline integration.

According to Collins’ own documentation, cMUSE supports web-based agent stations, kiosk fleets, and mobile check-in endpoints through a centralized management plane. That’s great for cost and updates, but not so great when that control layer goes dark. On-site systems like bag tag printers and biometric scanners are often integrated directly with MUSE, so they’re not immune either.

EU directive to the rescue?

The EU’s NIS2 directive, which comes into force in October, broadens the legal definition of “critical infrastructure” to include not just airlines and airports, but IT suppliers that provide essential digital services to them. EASA’s Part-IS rules, in parallel, are meant to bring aviation-grade cybersecurity to exactly these kinds of shared platforms, including common-use systems for baggage and check-in.

It’s not yet clear how much of Collins’ cMUSE infrastructure went down, or how many airline DCS links were affected. But it’s clear that fallback worked only because staff rolled back to manual processes, not because systems failed gracefully. Heathrow said Sunday that it was continuing to recover from the outage, adding that “the vast majority of flights have continued to operate”.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!