The Express Gazette
Saturday, December 27, 2025

Arrest in UK tied to European airport cyberattack as check-in systems remain disrupted

A man in his 40s was detained in West Sussex as part of the investigation into a cyber incident affecting Collins Aerospace’s MUSE software, with airports across Europe continuing to rely on manual processing.


A man in his 40s was arrested in West Sussex on Tuesday on suspicion of offences under the Computer Misuse Act in connection with a cyber attack that crippled automated check-in and boarding systems at Heathrow and other European airports, investigators said. The National Crime Agency (NCA) said the arrest was one development in a broader operation linked to disruption that has affected multiple hubs and forced travelers to revert to paper-based processing. Authorities stressed that the investigation was in its early stages and ongoing, with further updates anticipated as inquiries proceed.

The incident centers on the automated check-in and boarding software known as MUSE, supplied by American firm Collins Aerospace and used by airlines worldwide. Since the weekend, hundreds of flights have been delayed or canceled as airports scrambled to operate without the digital tooling that normally guides passenger processing. Heathrow, Brussels, Berlin, Dublin and Cork were among the airports reporting widespread disruption, with staff deployed to assist passengers as the systems were rebuilt. The European Union’s cyber-security agency ENISA said ransomware had been deployed in the attack, and Collins Aerospace has been working to bring the software back online. Heathrow has advised travelers to monitor flight status and expect ongoing delays, with the U.S. firm yet to publish a firm timeline for a full restoration. After attempts to restart the system on Monday, the company has signaled that a longer recovery window may be necessary and has urged ground handlers and airlines to plan for continued manual workarounds for at least another week.

The NCA confirmed the arrest and said the suspect had been detained in West Sussex on Tuesday on suspicion of Computer Misuse Act offences and released on conditional bail as the investigation continues. Paul Foster, head of the NCA’s National Cyber Crime Unit, underscored that while the arrest is a positive development, the inquiry remains in its early stages and ongoing. The agency said it is coordinating with domestic and international partners in the broader probe into the incident that disrupted a critical piece of aviation infrastructure.

The disruption began late Friday and extended into the weekend, with many flights affected as airports resorted to manual procedures. Heathrow, home to the world’s busiest international airport complex, reported queues and delays in terminals that relied on MUSE for check-in and boarding processing. Passengers at Heathrow’s Terminal 4 described long lines and uncertainty about whether they would be able to travel as planned. In Brussels, the strain was even more acute, with half of outbound flights canceled on Sunday and roughly 140 additional cancellations on Monday. Berlin and Dublin also faced substantial disruption, with some passengers compelled to queue for hours or be rebooked on later itineraries. Cork reported similar knock-on effects as carriers rerouted and rescheduled.

The European Commission said it was monitoring the situation but found no immediate evidence that the disruption was widespread or severe across Europe’s airspace. The National Cyber Security Centre, the U.K.’s public-facing arm of the government’s cybersecurity apparatus, has opened an investigation into the event. Experts have noted that the timing aligns with other geopolitical tensions in the region, with some analysts suggesting the attack could be linked to pro-Russia groups, though investigators cautioned that attribution remains uncertain and that such conclusions require rigorous corroboration. RTX, Collins Aerospace’s parent company, said it was aware of a cyber-related disruption to MUSE in select airports and was actively working to resolve the issue and restore full functionality to customers as quickly as possible.

As the industry races to restore digital systems, airlines and ground handlers have been forced to rely on manual processes to manage passenger flows. Some airports instructed travelers to arrive even earlier than usual to accommodate longer check-in times, while others issued frequent updates as the recovery progressed. The incident has reignited questions about the resilience of automated passenger processing in a high-traffic travel period and underscored the ongoing cybersecurity risks facing global aviation infrastructure.

Experts familiar with cyber risk in aviation note that the attack’s impact underscores the dependence on third-party software for day-to-day operations and the potential for cascading delays when centralized systems falter. In the coming days, regulators and security agencies are expected to publish additional findings as investigations unfold and Collins Aerospace continues to work toward a full restoration of the MUSE platform. Travelers should remain attentive to airline advisories and airport communications as disruptions may persist into the week ahead.
