UK police arrested a man in connection with a cyberattack that disrupted operations at several major European airports, officials confirmed on Tuesday.
The attack, which began over the weekend, forced airports in Berlin, Dublin, Brussels, and London Heathrow to revert to manual check-in and boarding processes after critical software systems went offline. Authorities suspect the incident was linked to ransomware activity, and investigators are examining its impact on aviation infrastructure across multiple countries.
The arrested man, reportedly in his 40s, was taken into custody in West Sussex under suspicion of offenses related to the Computer Misuse Act. He was released on conditional bail as the investigation continues. The incident highlights growing concerns about cybersecurity vulnerabilities in the travel sector, with industry experts warning that disruptions to passenger services could take days to fully resolve.
Airports Struggle With Disruptions
The attack targeted systems supplied by Collins Aerospace, a company that provides check-in, boarding pass, and baggage handling software used by multiple European airports. As the outage spread, airport staff were forced to issue handwritten boarding passes and manually process check-in data. Berlin Airport warned that disruptions could persist for several days, while Dublin and Brussels also reported ongoing service delays.
The disruption led to long queues, delayed departures, and uncertainty for passengers. Authorities confirmed that no personal data leaks have been reported, but the absence of a confirmed motive or group claiming responsibility has increased unease within the sector. Analysts noted that the strain on airport operations revealed the widespread reliance on shared technology systems and their susceptibility to cyberattacks.
Ransomware Suspected
Security researchers linked the incident to a ransomware variant known as HardBit. Unlike other ransomware groups, HardBit does not operate a public data leak site, making it more difficult for investigators to assess the scale of stolen or encrypted data. While no ransom demands have been publicly disclosed, experts believe the group or its affiliates could be behind the attack.
Paul Foster, Deputy Director of the UK’s National Crime Agency (NCA), said the investigation was still at an early stage and emphasized the need for international cooperation. “We are continuing forensic work to understand the scale and impact of this incident,” said Paul Foster, Deputy Director, NCA. “Given the international nature of aviation, coordination with European partners will be vital.”
Cross-Border Response
Law enforcement agencies across Europe are collaborating to trace the origins of the attack and to mitigate its impact. While UK police led the arrest operation, cybersecurity teams in Germany, Ireland, and Belgium are conducting parallel investigations into the disruptions at their airports. The European Union Aviation Safety Agency (EASA) has been notified and is monitoring the situation closely.
Authorities said the arrest marked a step forward in the inquiry but cautioned that further analysis would be required before drawing conclusions about the suspect’s role. The suspect’s identity has not been released, and police did not confirm whether the man had direct ties to cybercriminal groups or whether additional arrests were likely.
The attack struck during a busy travel period, testing airport staffing levels and slowing passenger processing. Aviation officials warned that recovery of full digital operations could take several days, particularly in Berlin, where staff continue to rely on manual systems. Airlines have advised passengers to arrive earlier than usual at affected airports and to expect delays.
The incident has renewed debate over the resilience of Europe’s aviation IT systems and the risks posed by reliance on shared service providers. Experts caution that while airports invest heavily in physical security, cyber defenses may not receive the same attention. Investigators are now working to determine whether the arrested man acted alone or as part of a wider network. The case is expected to drive calls for stronger cybersecurity standards across the aviation industry.
Photo Credit: 1000 Words / Shutterstock.com
