Ransomware attack on Collins Aerospace triggers flight disruptions across Europe

A ransomware attack on Collins Aerospace, a major US-based aviation services provider, has caused widespread delays and cancellations at airports across Europe as staff resorted to manual check-in and baggage procedures.

The incident was first detected late on Sept. 19 and continued into Sept. 20, affecting the company’s ARINC Multi-User System Environment, a platform used by airlines for electronic check-in, baggage management, and shared passenger-facing services. The disruption impacted operations at airports including London Heathrow, Berlin Brandenburg, Brussels, and Dublin.

The European Union Agency for Cybersecurity (ENISA) confirmed Monday that ransomware was responsible for the outage. “ENISA is aware of the ongoing disruption of airports’ operations, which were caused by third-party ransomware incident,” a spokesperson said, adding that further details could not yet be shared.

The UK’s National Cyber Security Centre (NCSC) said it was working with Collins Aerospace, the Department for Transport, and law enforcement to assess the scale of the attack. “All organisations are urged to make use of the NCSC’s free guidance, services and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats,” the agency noted.

Collins Aerospace, headquartered in North Carolina, is part of RTX, which also owns aerospace and defense manufacturers Pratt & Whitney and Raytheon. Neither Collins nor RTX has disclosed the scope of the attack or confirmed whether sensitive data was compromised.

Heathrow Airport said recovery efforts are underway but acknowledged ongoing delays. “Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in,” a spokesperson said. “We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.”

The identity of the attackers remains unknown. Although the Scattered Spider hacking group has previously targeted aviation firms, no link to this incident has been established. Cybersecurity experts warned that the incident illustrates the fragility of critical aviation IT systems.

“When the supply chain is attacked in the aviation industry, the disruption hits on a damaging global scale,” said Jake Moore, global cybersecurity advisor at ESET. “This shows how a single point of failure can ripple quickly across multiple countries causing widespread problems. Regulators need to tighten standards even more for critical aviation IT suppliers.”

Authorities and industry leaders continue to investigate the attack while airports work to stabilize services.