Two members of a cybercrime group have been sentenced for their role in a significant cyber attack on Transport for London (TfL). This attack, which occurred in 2024, disrupted 148 TfL systems and led to an extensive password reset for all 27,000 staff members, incurring a cost of approximately £29 million.
Details of the Cyber Attack
Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, were sentenced on July 16, 2026, at Woolwich Crown Court. They both pleaded guilty to the attack under Section 3ZA of the Computer Misuse Act, which addresses unauthorized acts that result in serious damage.
The breach occurred between August 31 and September 3, 2024. While rapid response measures minimized the worst potential impacts, essential public services were still affected. Disruptions included Dial-a-Ride services, concessionary travel cards, digital payments, and the Oyster photocard application process for children.
Impact and Investigation
The cyber attack forced all TfL employees to physically reset their passwords, causing significant inconvenience. Key systems had to be manually operated, and data from the Oyster refunds system was compromised, resulting in delays for customers. The incident was reported to the City of London Police’s Report Fraud service.
Jubair and Flowers, identified as key figures in the Scattered Spider group, were apprehended following investigations by the National Crime Agency (NCA) and City of London Police. They were arrested on September 16, 2024, with evidence found on their devices, including connectivity screenshots and videos of the attack.
Ongoing Threat and Legal Measures
Microsoft’s analysis suggested the arrests significantly weakened Scattered Spider’s operations, although the group could still pose a threat. The NCA and City of London Police highlighted the scale of this prosecution, emphasizing the importance of early law enforcement engagement.
Security Minister Dame Angela Eagle and TfL Commissioner Andy Lord commended the thorough investigation, underscoring the need for improved cyber resilience. Cyber Crime Risk Orders are being proposed to restrict technology use by high-risk offenders, acting as a “digital prison.”
The FBI Cyber Division noted the group’s continued use of extortion against critical services. This case emphasizes the growing need for robust cybersecurity measures to protect essential infrastructure.
