A man in his 40s has been arrested in West Sussex, UK, in connection with a cyber attack that caused significant disruption at several major European airports, including London Heathrow, over a recent weekend. The UK National Crime Agency (NCA) detained the suspect on Tuesday on suspicion of Computer Misuse Act offences, subsequently releasing him on conditional bail. The incident led to chaos for thousands of passengers, with flights cancelled or delayed at airports such as Heathrow, Brussels, Berlin, Dublin, and Cork.

The target of this cyber offensive was the automated check-in and boarding software known as MUSE, supplied by the American firm Collins Aerospace, a technology used by airlines globally. The attack forced airports to revert to manual check-in and boarding operations, leading to extensive queues and confusion. In Brussels, half of all flights were cancelled, while Heathrow passengers faced three-hour long queues and were advised to check their flight status before travelling. Berlin Airport also reported ongoing issues, particularly exacerbated by the Berlin marathon which increased passenger traffic, and urged customers to use online check-in.

Paul Foster, Deputy Director and head of the NCA’s National Cyber Crime Unit, stated that while the arrest marked a positive step, the investigation into the incident remains in its early stages. He highlighted cybercrime as a persistent global threat causing significant disruption to the UK, reaffirming the NCA's commitment alongside partners to reduce this threat. The National Cyber Security Centre, the public-facing arm of GCHQ, also launched an investigation into the incident.

Experts have suggested a potential link between the attack and pro-Russia groups, noting its timing just hours after Russian jets reportedly breached NATO airspace by entering Estonia’s skies. This theory is further supported by the fact that Collins Aerospace is a major supplier to the Ukrainian military. The European Commission, responsible for managing European airspace, monitored the situation but indicated there were no signs of the alleged cyber attack being widespread or severe.

The disruption began on a Friday night, continuing throughout the weekend, coinciding with a busy travel period in September. Brussels Airport alone saw 50 outbound flights cancelled on Sunday and nearly 140 on Monday, with limited disruption still expected mid-week. RTX, the parent company of Collins Aerospace, acknowledged a cyber-related disruption to its MUSE software in select airports and confirmed it was actively working to restore full functionality.

This incident is the latest in a series of cyber breaches affecting major UK companies this year. Previous attacks include those impacting Tata-owned Jaguar Land Rover, which halted production for weeks, as well as retailers Marks & Spencer and the Co-op, all of which incurred significant costs. Collins Aerospace itself is owned by RTX, a New York-listed entity that is one of the world’s largest aerospace and weapons groups.