Teen hackers behind Britain’s costliest cyber attack on TfL jailed five and a half years each
The landmark sentencing follows a cyber attack that crippled Transport for London, exposed millions of customer records, and caused nearly £30 million in losses.
Two teenage hackers have been jailed for five and a half years each after pleading guilty to what authorities call Britain’s largest cyber attack on Transport for London (TfL).
The attack, carried out between August 31 and September 3, 2024, disrupted London’s transport network, compromised the personal data of millions of customers, and inflicted losses of almost £30 million.
The sentencing at Woolwich Crown Court marks a significant milestone in the UK’s response to increasingly sophisticated cyber attack operations carried out by young members of organized cybercrime groups.
Britain’s largest cyber attack disrupted London’s transport network
Thalha Jubair, now 20, and Owen Flowers, now 18, were each sentenced to five years and six months in prison for orchestrating the cyber attack against TfL. Prosecutors said the pair infiltrated the transport authority’s computer systems by deceiving a telephone help desk employee into resetting the password of a staff member they were impersonating.
Cyber attack on TfL court case Jubair and Flowers (Image: NCA/PA Wire)
The hackers were linked to Scattered Spider, an English-speaking cybercrime collective associated with the wider criminal network known as “The Com.” Investigators said the pair launched the operation over a weekend to reduce the chances of being detected by IT staff.
The cyber attack left 148 technology systems inoperable, forcing all 27,000 TfL employees to reset their passwords in person. Essential online services remained disrupted for months, while the attack also affected Dial-a-Ride services relied upon by disabled and vulnerable Londoners.
Authorities said the stolen database contained the personal information of as many as 10 million TfL customers. Investigators revealed that the database continues to circulate among criminal groups.
During the attack, the teenagers reportedly livestreamed their activities for nearly 16 hours while exchanging Telegram messages boasting about accessing TfL’s Oyster card customer database. Court proceedings heard they searched the records for the personal information of well-known London figures before attempting to obtain banking details.
The TfL cyber attack highlighted the growing threat posed by Scattered Spider, a cybercrime group linked to numerous high-profile attacks in the United Kingdom and internationally, including previous incidents involving major retailers Marks & Spencer and the Co-op.
Police also uncovered evidence that Flowers continued hacking while living at his grandmother’s home in Walsall. Officers arrested him while he was allegedly targeting two healthcare providers in the United States.
Messages recovered during the investigation showed Flowers making disturbing remarks about the potential consequences of those attacks.
Police also seized cryptocurrency worth around £1 million during the investigation. Although authorities believe the pair accumulated access to millions of pounds in stolen or ransom-related cryptocurrency, investigators said their primary motivation appeared to be gaining status within online cybercrime communities rather than financial profit.
Jubair, who lived with his family in east London, was described in court as having been known to police for several years. His defence argued that he had been groomed by older cybercriminals after struggling with isolation and mental health issues. However, prosecutors noted that he remains wanted in the United States over alleged cybercrime offences affecting 47 victims and reportedly linked to more than $115 million in ransom payments.
Court proceedings also revealed that both teenagers were found with contraband mobile phones while on remand and allegedly continued discussing future cyber attack plans through recovered messages.
Officials warn the cyber attack reflects growing online risks
The National Crime Agency (NCA), which alerted TfL during the breach and helped remove the attackers from its systems, said the case demonstrates how online criminal communities continue to recruit and influence young people.
“The online world can expose young people to harmful influences and criminal communities far beyond their front door.” — Paul Foster, Deputy Director and Head of the National Cyber Crime Unit, National Crime Agency
Foster added:
“Parents, carers, educators, technology companies and law enforcement, the whole of society, we all have a role to play in helping to keep young people safe online.” — Paul Foster, National Crime Agency
The NCA said arrests connected to the investigation had significantly disrupted Scattered Spider’s operations, although experts warned the wider threat remains.
Experts say cyber attack sentencing alone will not end youth hacking
Cybersecurity analyst Allison Nixon said the convictions should not be viewed as a complete solution to the growing problem of youth involvement in organized cybercrime.
“Policymakers need to address this as a violent youth gang problem, with a gang culture that idolizes the destruction of society and maximising victim harm.” — Allison Nixon, Cybersecurity Analyst
The case underscores the evolving nature of cybercrime, where technically skilled teenagers can inflict widespread disruption on critical public infrastructure through social engineering rather than highly complex software exploits.
Investigators say the cyber attack against TfL demonstrates how a single successful deception of an employee can cascade into operational paralysis, significant financial losses, and long-term risks to millions of individuals whose personal information remains exposed.
Moses Edozie is a writer and storyteller with a deep interest in cryptocurrency, blockchain innovation, and Web3 culture. Passionate about DeFi, NFTs, and the societal impact of decentralized systems, he creates clear, engaging narratives that connect complex technologies to everyday life.