UK authorities announce arrest in cyberattack that disrupted European airports

Britain’s National Crime Agency (NCA) said it has arrested a man as part of an investigation into a cyberattack that disrupted flights at Heathrow and several other European airports over the weekend.

NCA officers detained a man in his forties from West Sussex on suspicion of computer crime. He was later released on conditional bail, the agency said on Wednesday.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” Paul Foster, deputy director of the NCA’s National Cyber Crime Unit, said in a statement.

The agency did not name the suspect or say whether he acted alone or as part of a wider cybercriminal group.

The incident, first reported on September 19, crippled check-in and baggage systems at major airports including London Heathrow, Brussels, Berlin and Dublin, leaving thousands of passengers facing long queues and prompting hundreds of flight delays and cancellations.

The attack targeted the vMUSE self-service software supplied by Collins Aerospace, a subsidiary of U.S. defense giant RTX, which supports passenger check-in, baggage tagging and boarding.

RTX briefly described the incident in an 8-K form filed on Wednesday with the U.S. Securities and Exchange Commission.

The company said that on September 19, it “became aware of a product cybersecurity incident involving ransomware” on systems that support vMUSE. Those systems “operate outside of the RTX enterprise network, residing on customer-specific networks.”

RTX said it is “diligently investigating the incident with the assistance of internal and external cybersecurity experts and has notified domestic and international law enforcement authorities and certain other government agencies.” Customers such as airlines and airports are getting technical support, the filing said.

The European Union’s cybersecurity agency ENISA said on Monday that it had identified the type of ransomware used but did not disclose details.

Airport operators across Europe warned on Wednesday that disruptions were ongoing. Berlin’s airport said its check-in and baggage handling systems had yet to be restored and warned of further delays and cancellations. Brussels Airport also reported limited disruption.

London’s Heathrow said most flights were operating normally but urged passengers to check schedules before travelling. Dublin Airport said operations were “moving well,” though some airlines were still relying on manual workarounds.

Collins Aerospace said on Monday it was in the “final stages” of restoring its systems but has not issued further updates.

Editor's Note: Story updated 11:05 a.m. Eastern U.S. time with information from RTX's filing with the SEC.