2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack

Summary

Two teenagers, Thalha Jubair and Owen Flowers, linked to the Scattered Spider hacking group, have pleaded guilty to a £39 million cyberattack on Transport for London (TfL) and breaches of US healthcare networks. The attack on TfL caused significant service disruptions and impacted customer data, while the US hospital breaches also involved accessing sensitive information. The case highlights the growing threat from young cybercriminals in the UK.

Full text

Cyber Crime Security2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks. byDeeba AhmedJune 23, 20263 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening Two young hackers, reportedly the members of the Scattered Spider hacking group, pleaded guilty under the Computer Misuse Act for their involvement in a £39 million cyberattack on Transport for London (TfL). Specifically, they admitted to conspiring to commit unauthorised acts against TfL’s computer systems, a charge carrying a severe warning that the attack created a serious risk of damage to human welfare. The hackers, Thalha Jubair, 20, and Owen Flowers, 18, were to stand trial at Woolwich Crown Court on 22 June, but they changed their pleas to guilty on the very first day of their trial. “The profile of offenders like Flowers and Jubair demonstrates the increasing threat from cyber criminals based in the UK and other English-speaking countries, epitomised by Scattered Spider,” NCA’s deputy director and NCA’s National Cyber Crime Unit, Paul Foster, stated in an official press release. Jubair and Flowers are accused of a cyberattack on TFL between 31 August and 3 September 2024 that completely shook the capital’s transport network, causing a 3-month-long service disruption, even forcing all 28,000 TfL staff members to physically walk into an office just to reset their computer passwords. The attack hit everyday passengers harder because the hackers also targeted the Oyster card refund system. This forced people to wait much longer to get their money back. Also, the hackers completely shut down the online application system for children’s discount Oyster cards. The British Transport Police and West Midlands officers collaborated to arrest the hackers after a “lengthy, highly complex and painstaking investigation,” the NCA’s official statement read. As per Hackread.com’s past coverage of the incident in September 2024, while core train and bus services remained running, the hackers did access the personal details, names, and bank information of 10 million customers. Thalha Jubair, 20 (left) and Owen Flowers, 18 (right). Raids and International Targets The National Crime Agency (NCA) and City of London Police raided the hackers’ homes on 16 September 2024, seizing tower computers, laptops, USB sticks, and hard drives containing crucial evidence linking the duo to the attack. One laptop had video clips of Jubair actually using TfL systems while the two discussed the attack on Telegram and a shared online workspace. Flowers also looked at data, selling stolen login details online, and broke his bail rules twice in 2025. He even targeted US hospitals, breaking into networks belonging to SSM Health Care and Sutter Health. Teenagers and Online Crime This case highlights the consistent, disturbing rise in the youth’s involvement in such crimes, as they don’t understand the legal dangers of cyberattacks. NCA earlier reported that one in five UK children between 10 and 16 have broken the law online and engaged in hacking. “A recent survey of children aged 10-16 showed that 20% engage in behaviours that violate the Computer Misuse Act, which criminalises unauthorised access to computer systems and data. The figure is higher for those who game, standing at 25%,” NCA reported in 2024. The case against Jubair and Flowers actually shows what happens when authorities catch these young hackers, and it must be taken as an example. Now that they have pleaded guilty, both will remain in custody. They will face the legal consequences together during a two-day sentencing hearing scheduled for 15 and 16 July 2026. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts Cyber AttackCyber CrimeCybersecuritydata breachOwen FlowersScattered SpiderTFLThalha JubairTransport for London Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime Operation Narsil – INTERPOL Busts Decade-Old Child Abuse Network These networks generated revenues from advertising sexually explicit content involving children. byWaqas Security Leaks Alleged data of 47.5 million Truecaller Indian users sold online Truecaller has something to say about the breach. bySudais Asif Read More Cyber Crime Feds Seize CFAKE and SOCFAKE Over Explicit Deepfakes of Famous Women Both CFAKE and SOCFAKE (CFAKE.com and SOCFAKE.com) were seized after prosecutors said they hosted nonconsensual nude digital forgeries of famous women. byWaqas Security All Ledger hardware wallets vulnerable to man in the middle attack Ledger hardware wallet that is currently operating in the cryptocurrency market is vulnerable to cyber attacks. The vulnerability… byWaqas

Entities