More European Flights Continue To Be Canceled Following Cyberattack

A recent cyberattack on a popular flight management software continues to disrupt flights throughout the European Union. The affected software, MUSE, assists airlines in managing automated check-in processes for passengers, including dropping off baggage, tagging checked-in bags, distributing boarding passes, and more. Without this critical software, which is owned by the U.S.-based company Collins Aerospace, airlines have been forced to manually check in passengers and cancel other flights altogether.

As of Saturday, September 20, 2025, three major airports in Europe were affected. This includes Heathrow Airport in London, Brussels Airport in Belgium, and Berlin Brandenburg Airport in Germany. These airports were experiencing varying levels of interruption, with each launching its own response. 

At Heathrow Airport, London's largest and busiest hub, most flights remained on schedule. Passengers were expected to travel as usual, with the exception of slower check-in times for some flights. In Brussels, more than half of the flights scheduled to depart on Monday, September 22, were ordered to be cancelled. Travelers in Berlin were facing long lines and flight delays. As of this writing, the situation is ongoing and developing.

Authorities are currently investigating who is responsible for the aviation cyberattack in Europe. However, we do know that this was a ransomware attack, meaning the perpetrators have hacked into the software and taken control of it until they receive a ransom. Experts say that they don't see any evidence of a larger malicious intent affecting other airlines or airports (via AP News). However, some people with knowledge of the attack suggest that organized crime, state actors, or individual hackers may be responsible for the incident.

This event comes on the heels of increasing cyberattacks on airlines and airports. In fact, over the past year, these kinds of attacks have increased by about 600%, according to the BBC. Cybersecurity experts suggest that this attack demonstrates vulnerabilities for more potential ransomware attacks at other airports. 

This has raised concern among travelers, especially those in the United States, where airport security has undergone changes in recent years. The Transportation Security Administration (TSA) announced in June 2025 that it would stop requiring passengers to remove their shoes when going through security. Additionally, a host of travel advisories and restrictions have been announced in the past few months, causing changes to who can travel to the U.S. (and who might need to reconsider their plans).

Passengers who plan on traveling to or from one of the three affected airports in the next few days should check the status of their flight before they head to the airport, especially if they don't live near their departure location. Additionally, even if you're not traveling to or from one of these places, it's important to see if you might be traveling through them. For instance, you might connect in Heathrow on your way to Paris, or in Brussels on your way home from Amsterdam. If you do have a connection in one of these destinations, your flight might also be delayed, cancelled, or otherwise impacted.

If your flight is expected to continue as scheduled, you should check in at home directly with your airline on your personal device. That's because the cyberattack affected software at the airports, but not that of individual airlines. This can save you from waiting in line or encountering any issues at the check-in gate.

As for what's ahead during this major upheaval in the travel world, the airport at Brussels still expects 10% of flights to be affected through Tuesday, according to official spokespeople in Belgium (via The Brussels Times). At Heathrow in London, which is already among the most stressful airports in Europe, travelers might have to wait in longer queues due to delayed check-in and boarding processes.