On 23 September, a man in his forties was detained in West Sussex, England, on suspicion of offences under the Computer Misuse Act, the UK’s National Crime Agency (NCA) reported. The arrest is linked to a cyberattack that disrupted several European airports, including Brussels, Berlin, Dublin, and London, since 19 September. The man has been released on conditional bail.
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, head of the NCA’s national cybercrime unit.
A man has been arrested in the UK by the NCA as part of an investigation into a cyber incident impacting Collins Aerospace.
— National Crime Agency (NCA) (@NCA_UK) September 24, 2025
Read the full story ➡️ https://t.co/v70Ullml4v@SouthEastROCU pic.twitter.com/v2DL1st9SC
The cyberattack targeted Collins Aerospace, an American aerospace and defence company, which caused widespread flight delays and cancellations. Heathrow, Europe’s busiest airport, reported disruptions affecting thousands of passengers, with some stranded for hours. Brussels Airport faced significant challenges, with check-in systems offline, forcing staff to use iPads and laptops to process passengers. Berlin Brandenburg Airport resorted to handwritten boarding passes, as reported by passengers, highlighting the severity of the system failures. The disruptions, which continued for several days, affected air traffic control systems and booking platforms, causing chaos across major hubs.
Happening now! Heathrow, Brussels & Berlin airports hit by a cyberattack disrupting Collins Aerospace’s check-in software.
— FL360aero (@fl360aero) September 20, 2025
Heathrow in London, Brandenburg in Berlin, and Brussels in Belgium couldn’t use their check-in or boarding systems after a cyberattack hit the software… pic.twitter.com/E1GA14K219
On 22 September, the EU’s cybersecurity agency, ENISA, stated that ransomware had been used in the attack. When an organisation is hit with a ransomware attack, its systems are severely disrupted. Cybercriminals, often operating as part of organised gangs, then demand a ransom – usually in cryptocurrency – to fix the damage.
Cyberattacks in the aviation sector have increased by 600% over the past year, according to a report by French aerospace company Thales. The attack on Collins Aerospace also underscores the vulnerabilities of interconnected global systems, exposing multiple systems to malicious actions.
Collins Aerospace has confirmed an IT issue with the systems that it supplies to a number of airlines across Europe. We are supporting affected airlines with their contingencies and have deployed additional colleagues in terminals to assist passengers. The vast majority of… pic.twitter.com/TQwDBU0iZU
— Heathrow Airport (@HeathrowAirport) September 23, 2025
“The vast majority of flights at Heathrow are operating as normal, but we encourage passengers to check the status of their flight before travelling to the airport,” said Heathrow Airport in a statement on its website.
“Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public,” Foster added.
Limited disruptions causing some flight delays and cancellations. Check the status of your flight before coming to the airport. More information on our website: https://t.co/eBq9zMa9Hg pic.twitter.com/P9fcZI0C1W
— Brussels Airport (@BrusselsAirport) September 24, 2025
On 23 September, Brussels Airport said that there might be “limited disruption” to flights due to the cyberattack. Later, on 24 September, Heathrow Airport reported that most of its flights are now “operating as normal.” As airports recover, the incident highlights the need for better cybersecurity measures in aviation.
