Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024.
The two individuals, Thalha Jubair (20) and Owen Flowers (18), breached the systems of London's transportation service between August 31 and September 3, 2024, causing millions of pounds in losses.
Jubair and Flowers previously denied involvement in the incident but changed their pleas to guilty on the first day of the proceedings at Woolwich Crown Court.
TfL is a public body responsible for managing the majority of London’s transportation networks, serving a metropolitan area of millions, and handling thousands of journeys daily.
On September 2, 2024, TfL's infrastructure suffered a cybersecurity incident, causing operational disruptions that continued for days.
The attackers accessed data from TfL's Oyster refunds system and disrupted customer refund services, delaying refunds for some users.
On September 12, TfL admitted that customer data had been stolen in the attack, while the U.K.’s National Crime Agency (NCA) announced on the same day the arrest of Flowers, a suspect at the time.
Jubair and Flowers were arrested on September 18, 2025, after investigators retrieved incriminating evidence against both, extending even beyond the TfL cyberattack. Flowers breached his bail conditions twice, in March and in May 2025.
According to the NCA, the cyberattack at TfL forced all 28,000 employees to visit their local offices to reset their passwords and caused £29 million ($38.3M) in financial damage to the public transportation organization.
“The attack caused millions of pounds in losses to a key part of the UK’s critical national infrastructure, and was a significant inconvenience for customers,” stated NCA’s Deputy Director Paul Foster.