Two British cybercriminals from the Scattered Spider hacking group have pleaded guilty to a massive cyber-attack on Transport for London in 2024. Thalha Jubair, 20, and Owen Flowers, 18, admitted conspiring to commit unauthorised acts against computer systems belonging to TfL, causing £39m worth of damage and affecting 10 million people.
The duo’s actions prevented live tube arrival information from appearing on the TfL Go app and website, while also crippling payments on Oyster and contactless apps. The incident highlighted the growing threat from homegrown hackers in the UK, according to the National Crime Agency (NCA).
Flowers has a history of hacking, with previous convictions including attempts to hack US healthcare companies. Jubair has been linked to multiple cyber-attacks targeting 47 US organisations, garnering over $100m (£75m) in ransom payments.
The pair were remanded in custody ahead of their sentencing hearing on July 15th. Their guilty pleas came on the first day of a six-week trial, and they have both been diagnosed with autism and mental health conditions.
The incident underlined the real-world consequences of cybercrime, which can impact people’s lives greatly despite appearing to be “faceless” and “distant”. The NCA said Flowers and Jubair were part of an online hacking community known as Scattered Spider, which has carried out several attacks in recent years.
Source: https://www.theguardian.com/technology/2026/jun/22/two-britons-plead-guilty-to-39m-2024-cyber-attack-on-transport-for-london