A man in his forties has been arrested in West Sussex in connection with the cyber-attack that caused widespread disruption at several European airports, including London Heathrow.
The National Crime Agency (NCA), supported by the South East Regional Organised Crime Unit, confirmed that the suspect was detained on suspicion of offences under the Computer Misuse Act.
He has since been released on conditional bail pending further investigation.
The cyber-attack targeted systems operated by Collins Aerospace, a U.S. company owned by RTX Corporation, whose vMUSE platform is widely used for passenger check-in, boarding and baggage handling across Europe.
As earlier reported by First Daily, the disruption forced staff at major airports, including Heathrow, Brussels and Berlin, to revert to manual processes, causing hundreds of delays and cancellations.
READ ALSO: Major Cyberattack Forces Manual Operations at European Airports
Investigators have linked the incident to a strain of ransomware known as HardBit, which operates under an affiliate model, meaning multiple actors may deploy it.
The NCA described the arrest as a “positive step” but said inquiries remain at an early stage and further arrests have not been ruled out.
Collins Aerospace has not confirmed when its systems will be fully restored.
Airlines and ground handlers have been advised to prepare for at least another week of manual operations while additional staff are being deployed to support passengers.