Skip to main content
close search
site logo

RTX confirms hack of passenger boarding software involved ransomware

The parent company of Collins Aerospace said the attack is not expected to have a material impact on financial results, according to an SEC filing.

Published Sept. 26, 2025
David Jones's headshot
Reporter
Passengers arrive at Terminal 5 as flights resume at Heathrow on March 22, 2025 in London, England. A September 2025 cyberattack against a third-party vendor delayed flights out of numerous European airports, including Heathrow.
Passengers arrive at Terminal 5 as flights resume at Heathrow on March 22, 2025, in London after a fire at a nearby electricity sub-station took out the power and grounded aircraft. A September 2025 cyberattack against a third-party vendor delayed flights out of numerous European airports, including Heathrow. Alishia Abodunde via Getty Images

RTX Corp., the parent firm of Collins Aerospace, confirmed that ransomware was used in the hack of its airline passenger processing software, in a filing with federal regulators

The attack, discovered on Sept. 19, has disrupted flights across Europe since last week, including at London’s Heathrow Airport, Brussels Airport, and airports in Berlin and Dublin. 

The Multi-User System Environment software, known as MUSE, is used by multiple airlines to check-in and board passengers and is also used to track baggage, according to the filing with the U.S. Securities and Exchange Commission. 

Virginia-based RTX said the MUSE system operates on a customer-specific network outside of the company’s enterprise network.

U.K. authorities said Wednesday that a man in his 40s had been arrested on suspicion of violating the Computer Misuse Act. The police investigation is ongoing. 

RTX is working with a team of internal and third-party forensic experts to investigate the attack and has notified U.S. and international law enforcement agencies. The company has also notified government authorities about the incident. 

The company said it notified customers about the attack and is providing technical support to airlines and airports affected. 

The company noted that while the investigation is ongoing, it does not expect the attack to have a material impact on operations or its financial condition.

Heathrow said the vast majority of its flights are operating normally, but in a post on X it advised passengers to arrive three hours early for long-haul flights,

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
BeyondTrust Delivers Identity Security Controls for AI, Turning Agent Visibility into Action
From BeyondTrust
September 16, 2025
BeyondTrust logo
CyberFOX and MSP Process Announce Strategic Partnership to Deliver End-User and Technician Ver…
From CyberFOX
September 24, 2025
CyberFOX logo
Appknox Launches KnoxSpy, Breaking Open MDM-Locked Mobile Traffic for Real-Time Security Testi…
From Appknox
September 16, 2025
Appknox logo
UserTesting Releases UserTesting Verified™, a New AI-Driven Fraud Prevention Capability to Hel…
From UserTesting
September 17, 2025
Editors' picks
Latest in Cyberattacks
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.