- Two teenagers have been charged over a cyberattack on TfL that caused major disruption and heavy financial losses.
- The hack has been linked to Scattered Spider, a well-known cyber-criminal group.
- One of the accused faces additional charges for targeting US healthcare companies.
- TfL customers were warned their personal and bank details might have been exposed.
Two young men from the UK have been charged following a large-scale cyberattack on Transport for London (TfL). The attack, which began in late August 2024, caused months of disruption, exposed sensitive customer data, and cost the transport authority tens of millions of pounds. Authorities say the hack is linked to an international cyber-criminal group known as Scattered Spider.
How the Attack Unfolded
On 31 August 2024, TfL’s systems were hit by a cyber intrusion that forced the organisation to shut down a number of its online services. While buses, trains and tubes continued to run, passengers struggled to access online platforms, journey updates, and digital information boards.
The National Crime Agency (NCA) described the incident as a “significant disruption” to the UK’s capital transport system. Investigators confirmed that the attack was connected to Scattered Spider, a cyber-crime collective which has been linked to high-profile cases across the UK and the United States.
The fallout for TfL was severe. Not only did the authority face direct financial losses, but around 5,000 customers were contacted and warned that their personal and banking details may have been compromised. For many weeks, digital services remained offline as the transport body tried to recover from the damage.
Who Has Been Charged
The Crown Prosecution Service (CPS) confirmed that two young men are now facing trial in connection with the hack.
Nineteen-year-old Thalha Jubair, from east London, and eighteen-year-old Owen Flowers, from Walsall, were arrested earlier this year at their homes in joint operations involving the NCA and the City of London Police.
Both men appeared at Westminster Magistrates’ Court where they were formally charged under the Computer Misuse Act for conspiring to carry out unauthorised cyber activity against TfL. They have been remanded in custody until their Crown Court hearing, which is scheduled for October.
The charges against Flowers extend further. At the time of the TfL attack, he was already on bail for unrelated offences. Officers say they discovered evidence linking him to additional cyberattacks against US healthcare companies. Flowers will therefore face extra charges relating to those incidents.
Jubair, meanwhile, faces a separate charge under the Regulation of Investigatory Powers Act. He is accused of refusing to hand over passwords to encrypted devices that were seized from him during the investigation.
The Bigger Picture: Scattered Spider and Cyber Crime
The case has sparked renewed attention on Scattered Spider, a group of cyber criminals that UK and US agencies view as a growing threat. The NCA has previously warned that the group, along with other English-speaking cyber collectives, poses a danger not just to businesses but also to critical national infrastructure.
Deputy Director Paul Foster, who leads the NCA’s National Cyber Crime Unit, said the arrests are an important step in a long and complex investigation. He noted that attacks like this can cause enormous financial and operational damage, adding:
“Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example. The NCA, UK policing and our international partners, including the FBI, are collectively committed to identifying offenders within these networks and ensuring they face justice.”
The CPS echoed this message. Hannah Von Dadelszen, Chief Crown Prosecutor, said prosecutors had carefully reviewed the evidence before deciding to press charges. She emphasised that the case was being pursued in the public interest, given the scale of disruption caused to London’s transport network.
TfL’s Response and the Impact on Passengers
For TfL, the cyberattack was one of the most disruptive in its history. In a statement following the charges, the authority said it welcomed the progress made by the NCA.
“We welcome this announcement by the National Crime Agency that two people have now been charged in relation to the cyber incident which impacted our operations last year,” TfL said.
The statement underlined how seriously TfL is treating the breach. In addition to technical repairs, the authority has been forced to upgrade its cyber security and reassure customers whose details may have been leaked.
Although trains and buses were not physically halted, passengers had to endure months of inconvenience as journey planning apps, ticketing systems, and digital displays were either down or unreliable. The incident underlined how dependent modern public services have become on secure online systems.
A Growing Trend Among Teen Hackers
This case also highlights a troubling rise in teenagers becoming involved in cybercrime. In recent years, police and prosecutors have dealt with several high-profile cases where young offenders, some even under the age of 16, have carried out hacks on major retailers, transport operators, and even their own schools.
In the UK alone, major companies including Marks & Spencer, Jaguar Land Rover, and Co-op have been hit by cyber incidents attributed to teenage hackers. Experts suggest that the accessibility of hacking tools, combined with online communities that glamorise cybercrime, has made it easier than ever for teenagers to get involved.
For many, what begins as curiosity or experimentation quickly escalates into serious criminal activity with real-world consequences. The TfL case, now heading to trial, is a stark reminder of how disruptive these actions can be and how determined authorities are to hold offenders accountable.
Follow TechBSB For More Updates
