Former NSA hacker David Kennedy joins ‘Mornings with Maria’ to discuss hacking group ‘Scattered Spider’ targeting the airline industry ahead of the July 4th weekend and the CIA declassifying a review of the 2016 Russia election interference probe.
A man was arrested in connection with a cyberattack that disrupted operations at several European airports, the U.K.’s National Crime Agency said.
The incident, first reported on Sept. 19, impacted flights at London’s Heathrow Airport and others over the weekend, according to the agency.
The suspect was arrested in West Sussex, England, on Tuesday evening on suspicion of Computer Misuse Act offenses. Police described the suspect as a male in his 40s, but provided no further details.
The suspect has been released on conditional bail, the agency said.
The incident, first reported on Sept. 19, impacted flights at London’s Heathrow Airport and others over the weekend. (Maja Smiejkowska/PA Images via / Getty Images)
While Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, called the arrest “a positive step,” he noted that the investigation into the incident is still in the early stages and remains ongoing.
“Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public,” Foster said.
This marks the latest cyberattack targeting the airline industry. In July, Australian airline Qantas said it suffered a cybersecurity incident that impacted the personal data of millions of customers.
People at London Heathrow Airport as flights were delayed and canceled at airports in Europe after an alleged cyberattack targeted a service provider for check-in and boarding systems. (Maja Smiejkowska/PA Images via / Getty Images)
The airline was announced shortly after the FBI warned on social media about a notorious cybercriminal group known as “Scattered Spider” that was targeting the airline sector.
The FBI posted on X that the group relies on “social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access” and frequently involves methods to bypass multifactor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.
Travelers wait in the terminal at Heathrow Airport, west of London on Sept. 20, 2025. (Justin Tallis/AFP via / Getty Images)
“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI wrote.