CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 23, 2026

Scattered Spider Hackers Who Breached London Transport Network Plead Guilty

Cybersecurity News Archived Jun 23, 2026 ✓ Full text saved

Two members of the Scattered Spider cybercriminal group have pleaded guilty to a cyberattack on Transport for London (TfL) that caused major service disruptions and resulted in an estimated £29 million in losses. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, admitted their roles in breaching TfL’s internal network […] The post Scattered Spider Hackers Who Breached London Transport Network Plead Guilty appeared first on Cyber Security News .

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Scattered Spider Hackers Who Breached London Transport Network Plead Guilty By Abinaya June 23, 2026 Two members of the Scattered Spider cybercriminal group have pleaded guilty to a cyberattack on Transport for London (TfL) that caused major service disruptions and resulted in an estimated £29 million in losses. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, admitted their roles in breaching TfL’s internal network between August 31 and September 3, 2024. The attack impacted critical systems and forced the organization to implement emergency remediation measures across its infrastructure. According to investigators from the UK’s National Crime Agency (NCA) and the City of London Police (COLP), the attackers gained unauthorized access to TfL systems, triggering a full-scale password reset operation affecting approximately 28,000 employees. Staff were required to attend physical offices to reauthenticate, highlighting the severity of the compromise and loss of trust in internal identity systems. TWO YOUNG MEN HAVE ADMITTED MOUNTING A CYBER ATTACK ON TRANSPORT FOR LONDON (TFL), WHICH COST TENS OF MILLIONS OF POUNDS IN LOSSES AND INCONVENIENCED THOUSANDS OF CUSTOMERS. THE NCA AND @CITYPOLICE INVESTIGATED THALHA JUBAIR AND OWEN FLOWERS AFTER TFL’S NETWORK WAS INFILTRATED… PIC.TWITTER.COM/QYWRTVHGTT — National Crime Agency (NCA) (@NCA_UK) June 22, 2026 The breach also exposed data linked to TfL’s Oyster card refund system. This disruption delayed customer reimbursements and temporarily shut down the Oyster photocard application system used by children and young people. Scattered Spider Hackers Breach TfL While the full scope of data exposure has not been publicly disclosed, the operational impact significantly affected public services and customer experience. Digital forensics played a critical role in the investigation. When Flowers was arrested on September 6, 2024, authorities seized multiple devices, including laptops, external drives, and USB storage. One Acer laptop contained a screenshot showing active connectivity to TfL infrastructure, providing direct evidence of unauthorized access. Investigators also found that Flowers had used online marketplaces to access or purchase compromised credentials, suggesting credential-based intrusion techniques were used during the attack. Additional evidence included recorded videos showing Jubair actively navigating TfL systems during the breach. The pair coordinated via Telegram and other collaborative online tools, indicating a structured, real-time attack execution. Further analysis linked Flowers to intrusions targeting US healthcare organizations, including SSM Health Care Corporation and Sutter Health, demonstrating the group’s broader international targeting footprint. This aligns with known Scattered Spider tactics, which often involve social engineering, credential theft, and targeting large enterprises and critical infrastructure. Flowers was later released on bail but violated conditions twice in 2025, raising concerns about continued risk behavior during the investigation period. Both individuals, who were due to stand trial at Woolwich Crown Court, pleaded guilty at the start of proceedings and are scheduled to be sentenced on July 16, 202 Law enforcement officials emphasized the real-world impact of cybercrime, particularly when critical infrastructure is targeted. The attack disrupted essential public transport services and imposed significant recovery costs. Authorities also highlighted the growing trend of young, English-speaking cybercriminals joining organized threat groups such as Scattered Spider. The case underscores the importance of early incident reporting and coordinated response between organizations and law enforcement. Officials noted that TfL’s cooperation was a key factor in the successful investigation and prosecution. Organizations are advised to strengthen identity security controls, monitor credential abuse, and implement rapid incident response procedures to mitigate similar threats. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Authorities Dismantle SocGholish Malware Network — 106 Servers and 101 Domains Seized AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox Hackers Use ClickFix Prompt to Install MSI Package and Launch Hands-On-Keyboard Attack Tata Electronics Data Breach Exposes Confidential Apple and Tesla Documents Hackers Abuse Microsoft Fondue.exe to Side-Load APPWIZ.cpl and Execute Malware Latest News Cyber Security News Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability Cyber Security Tata Electronics Data Breach Exposes Confidential Apple and Tesla Documents Cyber Security News New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users Cyber Security News Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets Cyber Security News Critical FFmpeg Vulnerability Allows Attackers to Weaponize Media Files
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 23, 2026
    Archived
    Jun 23, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗