Breach taxonomy
Summary
On September 19, 2025, RTX Corporation identified a ransomware incident on systems supporting its Multi-User System Environment (MUSE) passenger processing software, which enables multiple airlines to share check-in and gate resources at airports including baggage handling. The MUSE systems reside on customer-specific networks outside the RTX enterprise network. Airlines and airports shifted to backup or manual processes and experienced certain flight delays and cancellations. RTX engaged internal/external cybersecurity experts and notified domestic and international law enforcement and government agencies. The incident was not expected to have a material financial impact. Filed under Item 8.01; materiality not yet formally determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the ransomware incident to a specific actor category -> UNKNOWN.
MethodsRansomware
Filing explicitly states 'ransomware on systems that support its Multi-User System Environment (MUSE) passenger processing software' -> RANSOMWARE.
AssetsProduct ServiceThird Party Process
Ransomware impacted the MUSE passenger processing software product (PRODUCT-SERVICE) and disrupted airport check-in, gate, and baggage operations at multiple customer airlines (THIRD-PARTY-PROCESS).
EffectsBiz Interruption
Airlines and airports were forced to shift to backup or manual processes and experienced flight delays and cancellations -> BIZ-INTERRUPTION.
Business continuityPartial
Customers shifted to backup or manual processes and experienced certain flight delays and cancellations, indicating BCP was activated but only partially effective in preventing disruption -> Partial.
Impact
Ransomware on widely-deployed airline passenger processing software (MUSE) caused flight delays and cancellations at multiple airlines globally; RTX is a major aerospace/defense company but incident was in an isolated customer network and not assessed as material -> score 3.
InsuranceNot disclosed
Filing makes no mention of insurance -> null.
Read the original SEC filing excerpt
Item 8.01. Other Events. On September 19, 2025, RTX Corporation (the "Company") became aware of a product cybersecurity incident involving ransomware on systems that support its Multi-User System Environment ("MUSE") passenger processing software. This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling. The MUSE airport systems operate outside of the RTX enterprise network, residing on customer-specific networks. Upon detecting the incident, the Company activated its incident response plan and promptly took steps to assess, contain, respond to and remediate the incident. The Company is diligently investigating the incident with the assistance of internal and external cybersecurity experts and has notified domestic and international law enforcement authorities and certain other government agencies. The Company is also communicating with its customers and other stakeholders and providing technical support and guidance to affected airlines and airports. Our customers have shifted to back-up or manual processes and have experienced certain flight delays and cancellations. While our investigation and assessment of this product cybersecurity incident is ongoing, it has not had a material impact and is not reasonably expected to have a material impact, on the Company's financial condition, business operations or results of operations.