UK authorities announce arrest in cyberattack that disrupted European airports

Britain’s National Crime Agency (NCA) said it has arrested a man as part of an investigation into a cyberattack that disrupted flights at Heathrow and several other European airports over the weekend.

NCA officers detained a man in his forties from West Sussex on suspicion of computer crime. He was later released on conditional bail, the agency said on Wednesday.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” Paul Foster, deputy director of the NCA’s National Cyber Crime Unit, said in a statement.

The agency did not name the suspect or say whether he acted alone or as part of a wider cybercriminal group.

The incident, first reported on Sept. 19, crippled check-in and baggage systems at major airports including London Heathrow, Brussels, Berlin and Dublin, leaving thousands of passengers facing long queues and prompting hundreds of flight delays and cancellations.

The attack targeted the vMUSE self-service software supplied by Collins Aerospace, a subsidiary of U.S. defense giant RTX, which supports passenger check-in, baggage tagging and boarding. The European Union’s cybersecurity agency ENISA said on Monday that it had identified the type of ransomware used but did not disclose details.

Airport operators across Europe warned on Wednesday that disruptions were ongoing. Berlin’s airport said its check-in and baggage handling systems had yet to be restored and warned of further delays and cancellations. Brussels Airport also reported limited disruption.

London’s Heathrow said most flights were operating normally but urged passengers to check schedules before travelling. Dublin Airport said operations were “moving well,” though some airlines were still relying on manual workarounds.

Collins Aerospace said on Monday it was in the “final stages” of restoring its systems but has not issued further updates.