U.K. authorities report arresting a man in his 40s connected to last week’s cyberattack that halted passenger check-in systems at several of Europe’s busiest airports, severely disrupting air travel across the continent.
The National Crime Agency (NCA) confirmed Tuesday that the suspect was detained in West Sussex on suspicion of offenses under the Computer Misuse Act. He was questioned and released on conditional bail as inquiries continue.
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, head of the NCA’s National Cyber Crime Unit. He added in a follow-up statement, highlighting the wider threat: “Cybercrime is a persistent global threat that continues to cause significant disruption to the U.K. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public.”
The attack, which began on Friday, targeted systems operated by Collins Aerospace, a division of RTX Corporation, that supplies automated check-in and boarding software to airlines globally. The disruption cascaded through Europe, forcing airports in London, Brussels, Berlin, and Dublin to switch to manual processing.
In Brussels, staff used iPads and laptops to process check-ins, while at Berlin Brandenburg Airport, passengers recalled being given handwritten boarding passes. A traveler told Reuters the situation felt like “going back to the 1980s.”
By midweek, many airports struggled to restore normal operations. Berlin Brandenburg warned passengers on Wednesday of “longer processing times, delays, and cancellations by airlines despite the mobilization of all available resources.” The airport sought “alternative solutions to minimize the impact” but cautioned that disruption would persist until Collins Aerospace systems were fully restored.
London’s Heathrow, handling over 200,000 passengers daily, reported that the “majority of flights are operating as normal” by Wednesday morning. However, officials urged passengers on long-haul flights to arrive early, given the possibility of check-in delays. Brussels Airport, meanwhile, advised travelers to expect “limited disruption” as more staff were deployed to manage queues.
Experts argue the breach exposes vulnerabilities rooted in airlines’ extensive reliance on shared digital systems. Cybersecurity researcher Kevin Beaumont stated on social media that the attack appeared linked to HardBit ransomware, a strain known for targeting critical infrastructure. While officials have not confirmed this, investigators are probing whether criminal groups exploited vendor software to magnify the outage.
Collins Aerospace and its parent, RTX, have issued limited public statements, acknowledging only the cyber incident and thanking law enforcement for their response. Industry analysts highlight that the company’s technology serves dozens of airlines worldwide, intensifying the consequences of any breach.
The attack follows a series of recent ransomware campaigns that have disrupted sectors from healthcare to retail. In July, a similar breach at a third-party IT vendor forced several British companies, including large supermarket chains, to suspend parts of their operations.
For Europe’s aviation sector, the lessons are clear. “Airports cannot depend on a single point of failure for passenger processing,” said London-based risk consultant James Sullivan. “Contingency plans must be rigorously tested, and reliance on vendor systems needs to be balanced with local resilience.”
While investigators proceed, passengers continue to suffer from the fallout. Photos and videos show long queues winding through terminals and staff hastily handwriting boarding passes. For many travelers, the ordeal prompts questions about how one cyberattack could disrupt journeys across multiple countries in hours.
The NCA has not revealed when its investigation will conclude or if more arrests are possible. For now, officials urge patience as technical teams work to restore the systems. The outcome—and subsequent measures—may shape the future resilience of Europe’s skies.
