European Air Travel Update, Cyberattack and CPH Drones

Published on Sep 23, 2025, 9:45 am CDT

6 min read

Europe's airports are stabilizing after a vendor ransomware incident crippled check-in systems over the weekend, while Copenhagen Airport (CPH) and Oslo Airport (OSL) are back online following a multi-hour drone disruption late on September 22. Expect lingering lines at some hubs as carriers clear backlogs, plus scattered delays and residual cancellations into the morning and midday banks on September 23. Authorities say the software provider is completing fixes, and police in Denmark are investigating the drone incursion.

Key Points

Why it matters: A single vendor outage and a high-profile drone disruption hit European capacity and reliability.
Travel impact: Longer lines at check-in, residual delays, and limited cancellations at key hubs today.
What's next: Systems continue cyberattack recovery, police probe the drone disruption around CPH and OSL.
ENISA attributes the airport IT issues to ransomware at a third-party provider.
Danish police describe a "capable operator" behind the drones seen near CPH.

Snapshot

The weekend cyberattack targeted a Collins Aerospace platform used for automated check-in and bag drop, pushing airports to manual processing. London Heathrow Airport (LHR), Brussels Airport (BRU), Berlin Brandenburg Airport (BER), and Dublin Airport (DUB) reported the heaviest effects from September 20 through September 22, with Brussels thinning schedules to manage terminal flow. ENISA confirmed ransomware as the cause, and Collins says updates are being finalized. Separately, CPH suspended all operations for roughly four hours from 8:26 p.m. local time on September 22 after two to three large drones were observed, with Danish police citing a skilled operator. OSL reported related disruption the same evening. Both airports reopened, though delays persist as airlines re-position aircraft and crews.

Background

Common-use platforms such as Collins Aerospace's MUSE enable multiple airlines to share counters and kiosks, improving utilization in normal operations. When those systems are unavailable, throughput drops, lines lengthen, and baggage timing becomes inconsistent, especially during banked departure waves. Over the weekend, airports mitigated by shifting to manual check-in and online boarding passes where accepted. Brussels continued to pare schedules to prevent late-day scrubs and terminal gridlock, while Heathrow and Berlin reported gradual improvement as manual workarounds took hold. As of September 22, ENISA said ransomware was behind the third-party outage. On September 22 late evening, drone activity near CPH, and disruption at OSL, produced additional diversions and delays, compounding recovery. Investigations continue, and some officials have not ruled out hybrid-threat scenarios, although attribution remains unconfirmed.

Latest Developments

Drone disruption at Copenhagen, Oslo, and the knock-on recovery

Copenhagen Airport (CPH) halted takeoffs and landings for about four hours starting at 8:26 p.m. local time on September 22 after reports of two to three large drones maneuvering near the field. Danish police called the pilot a "capable operator," and the airport has since reopened. Authorities reported dozens of diversions and around 100 flight disruptions affecting roughly 20,000 travelers, with delays continuing into the morning as rotations and crews reset. Oslo Airport (OSL) also faced drone-related interruptions last night, prompting holds and reroutes. Investigations are active, officials have not made a final attribution, and safety agencies prioritized reopening with enhanced monitoring. Travelers should expect lines at document-check points and some re-timed departures as aircraft flow back to base.

Cyberattack recovery at European hubs enters next phase

Collins Aerospace says it is completing software updates after the ransomware incident that degraded automated passenger processing from September 20. The heaviest weekend impacts were at London Heathrow Airport (LHR), Brussels Airport (BRU), Berlin Brandenburg Airport (BER), and Dublin Airport (DUB), where manual counters, hand-written boarding passes in some cases, and schedule thinning kept operations moving. Brussels used pre-emptive cancellations to reduce gridlock, while Heathrow and Berlin reported progressive improvement. Expect a tapering delay profile today, with residual lines at morning and late-afternoon peaks. Passengers should check in online where possible, arrive within airport guidance, and build buffer time. This cyberattack recovery will continue to ripple as baggage backlogs and crew duty limits clear.

European air travel update, what to know now

Most flights are operating, but you can still encounter longer check-in lines, pockets of late running, and occasional cancellations at major gateways. Protect your itinerary by checking status frequently, using online check-in, and avoiding tight self-made connections through LHR, BRU, BER, and DUB today. For context on the weekend's outage and operational playbooks, see our prior coverage, Europe Air Travel Outlook After Cyberattack, and our earlier scene setter, Flight Delays in Chicago and Europe While Dallas Recovers. With investigations ongoing, this remains a live cyberattack recovery paired with last night's drone disruption.

Analysis

Two unrelated threats, ransomware and drones, exposed different chokepoints in Europe's aviation system. The cyberattack struck a shared vendor layer, MUSE, reducing passenger-processing throughput wherever deployed. Airports mitigated by shifting to manual check-in, which instantly cuts capacity per position, and by thinning schedules at the most constrained nodes. That approach favored predictability over raw volume, and it shortened the tail into the workweek. The drone disruption, by contrast, attacked airfield integrity directly, forcing a temporary airspace closure at Copenhagen Airport (CPH) and interruptions at Oslo Airport (OSL). Even with no physical damage, diversions and missed rotations scatter aircraft and crews, which show up as morning-after delays.

For travelers, today's risk is less about widespread cancellations and more about friction, lines, and knock-on timing. Expect the longest queues at peak waves, especially at long-haul banks with document checks. Online check-in, mobile boarding passes, and carry-on baggage still provide the best defense. For operators, this episode reinforces the need for kiosk offline modes, cross-training for rapid manual surges, and network-level playbooks that proactively trim flying where terminals or crews become the bottleneck. Airfield security teams will also revisit detection, counter-UAS coordination, and decision frameworks for rapid, safe resumption. European air travel's resilience depends on both cyber hardening and airside protection, and this week illustrated why both matter.

Final Thoughts

Today's European air travel update is cautiously positive. Most flights are running, cyberattack recovery is progressing, and CPH and OSL are operating after the drone disruption. Delays and a few cancellations will continue where manual processing remains and where last night's diversions broke rotations. Build buffer time through London Heathrow Airport (LHR), Brussels Airport (BRU), Berlin Brandenburg Airport (BER), and Dublin Airport (DUB), and watch for schedule trims designed to keep terminals flowing. As investigations proceed, the focus shifts to resilience, redundancy, and smarter passenger-flow management, all essential to a steadier European air travel experience.