Man in his 40s arrested over cyber attack that crippled Heathrow and European airports
Investigation focuses on automated MUSE check-in system used by airlines; arrest under Computer Misuse Act; disruption hit major hubs across Europe.
A man in his 40s has been arrested over a cyber attack that crippled Heathrow and other European airports over the weekend, authorities said. The suspect was detained in West Sussex on Tuesday on suspicion of Computer Misuse Act offences and released on conditional bail, the National Crime Agency said.
Thousands of air passengers faced disruption at major hubs, with Heathrow, Brussels, Berlin, Dublin and Cork among the airports affected. The attack targeted MUSE, the automated check-in and boarding software supplied by Collins Aerospace and used by airlines around the world. Hundreds of flights were cancelled or delayed as airports switched to manual processes, with Heathrow advising travelers to check flight status ahead of travel. Brussels Airport cancelled about half of its outbound flights on Sunday, and nearly 140 more were called off on Monday, while Berlin and other airports reported ongoing disruptions. At Heathrow, travellers faced long queues and delays as operations shifted to manual check-in and boarding, and the city’s terminals and airports faced a busy weekend.
The European Commission said it was monitoring the situation but there were no signs the alleged cyber attack was widespread or severe. As the National Cyber Security Centre — the UK public-facing arm of GCHQ — launched an investigation on Friday night, experts said the attack could be linked to pro-Russia groups. They noted the timing followed a separate incident in which Russian jets breached NATO airspace by entering Estonia’s skies and flying over its sovereign territory for about 12 minutes.
Collins Aerospace’ parent RTX said on Friday night that it had become aware of a cyber-related disruption to its MUSE software in select airports and was actively working to resolve the issue and restore full functionality for customers.
Deputy director Paul Foster, head of the National Crime Agency’s National Cyber Crime Unit, said: “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing. Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public.”
The disruption affected travel over a busy September weekend, with European airports reporting cancellations and delays that kept travellers in queues and airports bustling well into Sunday. Brussels Airport said the pattern of cancellations extended into Monday, though it later signalled limited disruption on Wednesday with some flights still delayed or cancelled. Berlin, Dublin and Cork also reported continued issues as crews worked to restore normal operations and return to automated processes. Officials urged travelers to monitor flight statuses and to expect possible delays as the system restoration continued.
Authorities emphasized that the investigation is ongoing and that the full extent of the disruption will become clearer as more evidence is reviewed. The focus remains on the integrity of the affected software and any potential vulnerabilities exploited by the attackers, while airports and airlines work to resume normal operations and reassure passengers of continued security and service improvements.