[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXDRfNoZkZxMS0UcFYr55VOBLNqK4J2uSKUhvmJJs31k":3},{"article":4,"iocs":56},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"760db8d3-d572-42d4-8ed8-2a4aca280a99","Scattered Spider members plead guilty to hacking Transport for London","scattered-spider-members-plead-guilty-to-hacking-transport-for-london-aa92e0","Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. [...]","Two members of the cybercrime group Scattered Spider, Thalha Jubair and Owen Flowers, have pleaded guilty to hacking Transport for London (TfL) systems in 2024. The attack, which occurred between August 31 and September 3, 2024, disrupted customer refund services and led to millions of pounds in losses for TfL. Investigators seized evidence including screenshots of TfL infrastructure access and communications via Telegram.","Two Scattered Spider members plead guilty to hacking Transport for London systems in 2024.","Scattered Spider members plead guilty to hacking Transport for London By Bill Toulas June 23, 2026 11:31 AM 0 Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. The two individuals, Thalha Jubair (20) and Owen Flowers (18), breached the systems of London's transportation service between August 31 and September 3, 2024, causing millions of pounds in losses. Jubair and Flowers previously declined involvement in the incident but have changed their pleas to guilty on the first day of the proceedings at Woolwich Crown Court. TfL is a public body responsible for managing the majority of London’s transportation networks, serving a metropolitan area of millions, and handling thousands of journeys daily. 
On September 2, 2024, TfL's infrastructure suffered a cybersecurity incident, causing operational disruptions that continued for days. The attackers accessed data from TfL's Oyster refunds system and disrupted customer refund services, delaying refunds for some users. On September 12, TfL admitted that customer data had been stolen in the attack, while the U.K.’s National Crime Agency (NCA) announced on the same day the arrest of Flowers, a suspect at the time. Jubair and Flowers were arrested on September 18, 2025, after the investigators retrieved incriminating evidence for both, extending even beyond the TfL cyberattack. Flowers breached his bail conditions twice, in March and in May 2025. According to the NCA, the cyberattack at TfL forced all 28,000 employees to visit their local offices to reset their passwords and caused £29 million ($38.3M) in financial damage to the public transportation organization. “The attack caused millions of pounds in losses to a key part of the UK’s critical national infrastructure, and was a significant inconvenience for customers,” stated NCA’s Deputy Director Paul Foster. “Today’s result would not have been possible if TfL had not engaged with law enforcement early, so I would urge any other organization to please do the same in such circumstances.” The investigators seized multiple devices from Flowers’ home, including a laptop containing a screenshot showing connectivity to TfL infrastructure, evidence of access to a marketplace selling stolen credentials, and videos showing Jubair breaching TfL systems. The hackers communicated via Telegram and a shared online collaboration platform during the intrusion, the NCA stated. In addition to TfL, authorities have also linked Flowers to intrusions at SSM Health Care Corporation and Sutter Health, both American healthcare organizations. 
The two Scattered Spider members were scheduled to stand trial on June 22, but the sentencing was rescheduled for July 16 because they changed their pleas to guilty.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fscattered-spider-members-plead-guilty-to-hacking-transport-for-london\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F09\u002F02\u002Fjust-uk.jpg","2026-06-23T15:31:59+00:00","2026-06-23T16:00:11.251469+00:00",8,[18,21,24,27,29,31],{"name":19,"type":20},"Scattered Spider","threat_actor",{"name":22,"type":23},"Oyster refunds system","product",{"name":25,"type":26},"Transport for London","vendor",{"name":28,"type":23},"Telegram",{"name":30,"type":23},"SSM Health Care Corporation",{"name":32,"type":23},"Sutter Health","6cbdd207-aaa1-4176-9534-e156b125e917",{"id":33,"icon":35,"name":36,"slug":37},null,"Nation-state","nation-state",[39,44,46,51],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"2e06f76c-d5b9-4f54-9eef-4d3447b10730","Breaches","breaches",{"category":45},{"id":33,"icon":35,"name":36,"slug":37},{"category":47},{"id":48,"icon":35,"name":49,"slug":50},"c5c77cdb-f7d7-4990-9436-c81dcbff1163","Policy","policy",{"category":52},{"id":53,"icon":35,"name":54,"slug":55},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat 
Intelligence","threat-intelligence",[57,60],{"type":58,"value":19,"context":59},"malware","Threat actor group",{"type":61,"value":62,"context":63},"url","https:\u002F\u002Fwww.picussecurity.com\u002Fresource\u002Fwhitepaper\u002Ftest-every-layer-before-attackers-do","Promotional link for a whitepaper"]