Two members of the ‘Scattered Spider’ cybercrime group pleaded responsible to hacking the Transport for London (TfL) programs in 2024.
The 2 people, Thalha Jubair (20) and Owen Flowers (18), breached the programs of London’s transportation service between August 31 and September 3, 2024, inflicting thousands and thousands of kilos in losses.
Jubair and Flowers beforehand declined involvement within the incident however have modified their pleas to responsible on the primary day of the proceedings at Woolwich Crown Court docket.
TfL is a public physique answerable for managing nearly all of London’s transportation networks, serving a metropolitan space of thousands and thousands, and dealing with hundreds of journeys every day.
On September 2, 2024, TfL’s infrastructure suffered a cybersecurity incident, inflicting operational disruptions that continued for days.
The attackers accessed information from TfL’s Oyster refunds system and disrupted buyer refund providers, delaying refunds for some customers.
On September 12, TfL admitted that buyer information had been stolen within the assault, whereas the U.Ok.’s Nationwide Crime Company (NCA) introduced on the identical day the arrest of Flowers, a suspect on the time.
Jubair and Flowers have been arrested on September 18, 2025, after the investigators retrieved incriminating proof for each, extending even past the TfL cyberattack. Flowers breached his bail situations twice, in March and in Might 2025.
In line with the NCA, the cyberattack at TfL pressured all 28,000 staff to go to their native places of work to reset their passwords and brought on £29 million ($38.3M) in monetary injury to the general public transportation group.
“The assault brought on thousands and thousands of kilos in losses to a key a part of the UK’s vital nationwide infrastructure, and was a big inconvenience for patrons,” acknowledged NCA’s Deputy Director Paul Foster.
“In the present day’s end result wouldn’t have been potential if TfL had not engaged with legislation enforcement early, so I might urge every other group to please do the identical in such circumstances.”
The investigators seized a number of gadgets from Flower’s house, together with a laptop computer containing a screenshot displaying connectivity to TfL infrastructure, proof of entry to a market promoting stolen credentials, and movies displaying Jubair breaching TfL programs.
The hackers communicated by way of Telegram and a shared on-line collaboration platform in the course of the intrusion, the NCA acknowledged.
Along with TfL, authorities have additionally linked Flowers to intrusions at SSM Well being Care Company and Sutter Well being, each American healthcare organizations.
The 2 Scattered Spider members have been scheduled to face trial on June 22, however the sentencing was rescheduled for July 16 due to altering their plea to responsible.
Safety groups log 54% of profitable assaults and alert on simply 14%. The remainder transfer via your surroundings unseen.
The Picus whitepaper reveals how breach and assault simulation exams your SIEM and EDR guidelines so threats cease slipping by detection.
