RTX discloses ransomware impact on MUSE passenger systems, no material effect claimed

Rhea-AI Filing Summary

RTX Corporation disclosed a ransomware-related product cybersecurity incident affecting its MUSE passenger processing software, which enables airlines to share check-in, gate and baggage handling resources. The affected MUSE systems run on customer-specific networks outside RTX's enterprise environment. Upon detection on September 19, 2025, RTX activated its incident response plan, engaged internal and external cybersecurity experts, notified law enforcement and government agencies, and is assisting affected airlines and airports. Customers have shifted to backup or manual processes, causing certain flight delays and cancellations. RTX states the incident is under investigation and, to date, has not had and is not reasonably expected to have a material impact on its financial condition or operations.

Positive

• Immediate response: RTX activated its incident response plan and engaged internal and external cybersecurity experts.
• Law enforcement notified: Company reported it informed domestic and international law enforcement and certain government agencies.
• Customer support: RTX is providing technical support and guidance to affected airlines and airports.
• Containment claim: Company states the incident has not had and is not reasonably expected to have a material impact on financial condition or operations.

Negative

• Ransomware incident: Product cybersecurity incident affected MUSE passenger processing software used for check-in, gate and baggage handling.
• Operational disruptions: Customers shifted to backup/manual processes, causing certain flight delays and cancellations.
• Ongoing investigation: Potential for additional adverse findings, remediation costs, regulatory inquiries or litigation as investigation continues.
• Third-party risk: MUSE operates on customer-specific networks, indicating exposure in customer environments that may complicate remediation and liability.

Insights

Financial Analyst

TL;DR: Operational disruption to airline customers reported; RTX currently reports no material financial impact.

RTX's disclosure is concise and focused on operational remediation rather than financial metrics. The company emphasizes that MUSE operates on customer networks, which may limit RTX's direct operational exposure. Key points for investors are the company's immediate activation of its incident response plan and engagement with law enforcement, which can reduce escalation risk. The statement that the incident has not had and is not reasonably expected to have a material impact is important but contingent on ongoing investigation results. Financial impact remains uncertain pending further findings, potential regulatory inquiries, remediation costs, or customer claims.

Cybersecurity Risk Analyst

TL;DR: Ransomware impacted MUSE passenger systems; response and notifications underway, investigation ongoing.

From a cybersecurity risk perspective, RTX reports appropriate immediate actions: containment, remediation efforts, external expertise, and law enforcement notification. The fact that MUSE systems reside on customer-specific networks reduces exposure to RTX's enterprise environment but raises third-party risk considerations for customers and service continuity. Reported flight delays and cancellations indicate tangible operational impact for customers. The company's assessment that the incident is not material is plausible now but depends on findings about data compromise, remediation scope, and potential regulatory or litigation outcomes.

false000010182900001018292025-09-192025-09-190000101829us-gaap:CommonStockMember2025-09-192025-09-190000101829rtx:Notes2.150Due2030Member2025-09-192025-09-19

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

____________________________________ 

FORM 8-K

____________________________________ 

CURRENT REPORT

Pursuant to Section 13 OR 15(d) of The

Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): September 19, 2025

____________________________________ 

RTX CORPORATION

(Exact name of registrant as specified in its charter)

____________________________________ 

Delaware			001-00812			06-0570975
(State or other jurisdiction of incorporation)			(Commission File Number)			(IRS Employer Identification No.)

1000 Wilson Blvd., Arlington, Virginia 22209

(Address of principal executive offices, including zip code)

(781) 522-3000

(Registrant's telephone number, including area code)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2.):

☐			Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
☐			Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
☐			Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
☐			Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class			Trading Symbol(s)						Name of each exchange on which registered
Common Stock ($1 par value)			RTX						New York Stock Exchange
(CUSIP 75513E 101)
2.150% Notes due 2030			RTX 30						New York Stock Exchange
(CUSIP 75513E AB7)

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).

Emerging growth company   ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.   ¨

Item 8.01. Other Events.

On September 19, 2025, RTX Corporation (the “Company”) became aware of a product cybersecurity incident involving ransomware on systems that support its Multi-User System Environment (“MUSE”) passenger processing software. This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling. The MUSE airport systems operate outside of the RTX enterprise network, residing on customer-specific networks.

Upon detecting the incident, the Company activated its incident response plan and promptly took steps to assess, contain, respond to and remediate the incident. The Company is diligently investigating the incident with the assistance of internal and external cybersecurity experts and has notified domestic and international law enforcement authorities and certain other government agencies.

The Company is also communicating with its customers and other stakeholders and providing technical support and guidance to affected airlines and airports. Our customers have shifted to back-up or manual processes and have experienced certain flight delays and cancellations.

While our investigation and assessment of this product cybersecurity incident is ongoing, it has not had a material impact and is not reasonably expected to have a material impact, on the Company’s financial condition, business operations or results of operations.

Cautionary Statement Regarding Forward-Looking Statements

This Current Report on Form 8-K contains statements which, to the extent they are not statements of historical or present fact, constitute “forward-looking statements” under the securities laws. These forward-looking statements are intended to provide management’s current expectations or plans for our future operating and financial performance, based on assumptions currently believed to be valid, and are not statements of historical fact. Forward-looking statements can be identified by the use of words such as “believe,” “expect,” “expectations,” “plans,” “strategy,” “prospects,” “estimate,” “project,” “target,” “anticipate,” “will,” “should,” “see,” “guidance,” “outlook,” “goals,” “objectives,” “confident,” “on track,” “designed to, ” “commit,” “commitment” and other words of similar meaning. Forward-looking statements may include, among other things, statements relating to future supply management practices, policies and plans for procurement of materials, risk management practices, supply chain infrastructure and efforts to improve supply chain transparency. All forward-looking statements involve risks, uncertainties and other factors that may cause actual results to differ materially from those expressed or implied in the forward-looking statements. For those statements, we claim the protection of the safe harbor for forward-looking statements contained in the U.S. Private Securities Litigation Reform Act of 1995. Factors that might cause the Company’s actual results to differ materially from those anticipated in forward-looking statements include, but are not limited to the Company’s ongoing assessment of the impacts of the cybersecurity incident, including the Company’s potential discovery of additional information related to the incident in connection with its investigation or otherwise; the Company’s expectations regarding its ability to contain and remediate the cybersecurity incident; the impact of the cybersecurity incident on the Company’s relationships with customers, employees, and governmental regulators; the legal, reputational, and financial risks resulting from the cybersecurity incident, including as may arise from any potential regulatory inquiries and/or litigation to which the Company may become subject in connection with the incident; remediation and other additional costs that may be incurred by the Company in connection with the investigation and remediation of the incident. The forward-looking statements speak only as of the date of this Current Report or, in the case of any document incorporated by reference, the date of that document. We undertake no obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise, except as required by applicable law. For additional information on identifying factors that may cause actual results to vary materially from those stated in forward-looking statements, see the reports of the Company, United Technologies Corporation and Raytheon Company on Forms S-4, 10-K, 10-Q and 8-K filed with or furnished to the Securities and Exchange Commission from time to time.

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

			RTX CORPORATION
			(Registrant)
Date: September 24, 2025			By:			/s/ RAMSARAN MAHARAJH
						Ramsaran Maharajh
						Executive Vice President & General Counsel

FAQ

What systems did the RTX (RTX) cybersecurity incident affect?

The incident affected the MUSE passenger processing software, which supports shared check-in, gate and baggage handling for multiple airlines.

When did RTX report the ransomware incident?

RTX reported becoming aware of the incident on September 19, 2025.

Has RTX said whether the incident impacted its financial results?

RTX stated the incident has not had and is not reasonably expected to have a material impact on its financial condition, business operations or results of operations.

Did the incident cause service disruption for airlines?

Yes. Customers shifted to backup or manual processes and experienced certain flight delays and cancellations.

What actions did RTX take in response to the incident?

RTX activated its incident response plan, is assessing, containing and remediating the incident, engaged cybersecurity experts, notified law enforcement and is providing technical support to affected customers.