Over the weekend of 19-21 September, a cyberattack affecting electronic check-in and baggage systems upended operations at multiple European airports.

Sizeable passenger hubs, including London Heathrow, Brussels, and Berlin Brandenburg were all forced to delay or cancel flights as a result of the attack. Airport staff managed the situation by conducting processes manually, including printing paper boarding passes and checking in passengers over the phone.

But what lessons can aviation learn from the incident, as the gaps in the industry’s digital infrastructure become ever more exposed?

Ransomware attacks on aviation up by 600%

The weekend disruption was caused by a technical issue with Collins Aerospace’s Muse software, which allows different airlines to share check-in desks and boarding gates. While parent company RTX is yet to disclose the motive behind the cyberattack, the European Union Agency for Cybersecurity (ENISA) told the BBC that ransomware was used to scramble the automatic check-in systems.

The aviation industry is a prime target for malicious hackers because it collects such huge volumes of traveller data, much of it sensitive. Passport details, credit card information, and personal identification information are all prime targets for ambitious ransomware hackers, who seek to breach data systems until their owners pay up to prevent the leak of confidential data.

Much of this data is processed through shared systems: Collins Aerospace’s Muse software is just one of many third-party platforms used in the aviation industry that can be targeted by bad actors. Data from multiple airlines can now be compromised in a single breach. Not surprisingly, a February 2025 report from SITA noted that cybersecurity was now the top overall IT concern of airlines and airports.

Research from Thales found that ransomware cyberattacks on the aviation industry had increased by 600% from January 2024 to April 2025. As well as the volumes of passenger information they can access, aviation is an attractive target for hackers because of the widespread disruption they can cause to increase pressure for payouts. The large numbers of unhappy passengers and overwhelmed staff seen at European airports over the weekend are testament to this.

How can aviation improve its cybersecurity defences?

The knock-on effect of data breaches not only causes global delays and cancellations, but also could leave aviation at the mercy of hefty fines. In Europe, GDPR means companies could be forced to pay millions in damages for inadequate cyber protection measures. For example, British Airways (BA) was fined £20 million in 2020 after an attack resulted in the theft of sensitive customer information, including names, addresses, and credit card information.

BA was able to handle the Collins Aerospace cyberattack much more successfully: thanks to backup software, the airline continued running as normal while its competitors at Heathrow were impacted. Collaboration and integration remain essential for aviation’s success, but BA’s management of the cyberattack nevertheless demonstrated that airlines and airports need to have their own systems in reserve should shared software unexpectedly collapse.

Reliance on third-party systems is only set to increase in the coming years as aviation adopts biometrics and artificial intelligence (AI) to streamline everything from check-in to arrivals. Airlines and airports need to be choosing partners with robust cybersecurity practices inbuilt into their software design.

Investment into sovereign data protection measures must also continue. In a challenging macroeconomic environment, it can be tempting to push investment towards revenue generation. Yet one cybersecurity error can wipe millions off a company’s market value in a single day, while leaving passengers stranded and dissatisfied at airports around the world.

Want to get more insights into cybersecurity in aviation? Join us at World Aviation Festival 2025, where dedicated panels will be discussing how AI, biometrics, and third-party software can be integrated without compromising cybersecurity. 

For more like this, see: