A man has been arrested in West Sussex following a major cyber attack that caused days of disruption at airports across Europe, including Heathrow.
The National Crime Agency (NCA) confirmed that a man in his forties was detained ‘as part of an investigation into a cyber incident impacting Collins Aerospace’.
He was arrested on suspicion of Computer Misuse Act offences on Tuesday evening and has since been released on bail.
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, head of the NCA’s national cyber crime unit.
The attack targeted baggage and check-in software supplied by Collins Aerospace, leading to hundreds of delayed and cancelled flights.
At London Heathrow, the UK’s largest airport, some automated check-in/boarding functions were unavailable and manual processing caused delays for certain flights, though many services returned to normal as systems were recovered.
Brussels, Berlin and several other European airports saw more severe cancellations and delays.
RTX Corporation, Collins Aerospace’s parent company, said it valued the NCA’s assistance but has not provided a timeline for a full recovery.
Airlines and ground handlers have been warned to expect at least another week of manual workarounds.
At Heathrow, extra staff have been deployed to assist passengers, though delays continue.
The EU’s cyber-security agency has confirmed that ransomware was deployed in the attack.
Typically, ransomware is used to lock or severely disrupt IT systems, with criminal groups demanding cryptocurrency payments to restore access.