Man arrested after cyberattack disrupts European airports

Cyberattacks against the aviation sector have increased by 600% over the past year

A man has been arrested in the UK following a cyberattack that caused major disruption at airports across Europe, including Heathrow, Dublin, Berlin and Brussels.

The National Crime Agency (NCA) confirmed that the suspect, a man in his forties, was detained in West Sussex on Tuesday evening on suspicion of offences under the Computer Misuse Act. He has since been released on bail.

The incident centred on Collins Aerospace, a subsidiary of RTX Corporation, whose Muse check-in and baggage handling platform is used by multiple airlines. The ransomware attack effectively disabled the software, forcing airports to fall back on manual, paper-based processes and triggering widespread flight delays and cancellations.

Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing. Cybercrime is a persistent global threat that continues to cause significant disruption to the UK.”

An internal Heathrow memo, seen by the BBC, revealed that Collins Aerospace has been attempting to restore services but may now need to completely rebuild parts of the system after a failed relaunch earlier this week. RTX has not given a timeline for recovery, leaving airlines reliant on contingency measures.

The EU’s cybersecurity agency has confirmed ransomware was involved. Security researchers suggest a variant of HardBit ransomware may have been deployed, a relatively unsophisticated strain that nonetheless caused severe operational impact.

For the aviation industry, the incident highlights the risks inherent in shared systems and supplier reliance. A single compromise at the software supplier rippled out across multiple airports, illustrating the vulnerabilities within complex supply chains.

According to aerospace company Thales, cyberattacks against the aviation sector have increased by 600% over the past year, as criminal groups increasingly look to exploit legacy infrastructure and the high cost of downtime.