Cybercrime,
Fraud Management & Cybercrime,
Geo Focus: The United Kingdom
Members of Scattered Spider Group Admit Disrupting London Underground Operator
In a significant development within the realm of cybercrime, two Englishmen have pleaded guilty to charges concerning a hacking incident that severely disrupted Transport for London’s (TfL) payment system in 2024. This hacking episode notably affected the city’s major underground transport operations, including the processing of payments through the widely used Oyster card system.
Thalha Jubair, aged 20, from East London, and Owen Flowers, 18, from the West Midlands, initially entered not-guilty pleas under Britain’s Computer Misuse Act. However, on the opening day of their trial at Woolwich Crown Court in London, they changed their pleas to guilty, effectively sidestepping a lengthy six-week trial process. Both men are recognized as affiliates of the Scattered Spider group, known for its involvement in various digital extortion schemes.
The targeted cyberattack took place between August 31 and September 3, 2024, although the ramifications were felt long after the immediate incident. The disruption rendered TfL temporarily incapable of processing payments made through the Oyster cards and caused severe degradation to the Dial-a-Ride service, essential for wheelchair users and individuals with disabilities. A subsequent report by the BBC revealed that, during this hack, sensitive data from approximately 10 million riders was compromised, further escalating concerns about the security of passenger information.
Additionally, Flowers confessed to conspiring to commit unauthorized acts against American healthcare companies, SSM Health Care and Sutter Health. However, he denied two charges, which a judge ordered to be placed on file—implying those charges are unlikely to be prosecuted in the future. This legal maneuver allows the court to focus on the most pertinent offenses while setting aside less critical allegations.
Both defendants are scheduled to return to Woolwich Crown Court on July 15 for a two-day sentencing hearing. Following their arrests on September 16, 2025, by officers from Britain’s National Crime Agency (NCA), evidence emerged linking the duo to various cyber intrusions, including recordings of their activities during the TfL attack. The police found incriminating materials, including an Acer laptop belonging to Flowers, which contained critical evidence of his involvement in the hack, including screenshots that demonstrated access to TfL’s computer infrastructure.
The operational scale of the attack was devastating; estimates suggest that TfL incurred losses totaling $38 million due to the breach and recovery efforts. In a bid to mitigate the damage, all 28,000 employees were mandated to reset their passwords, illustrating the extensive operational disruptions caused by the cyber assault.
Nik Adams, deputy commissioner of the City of London Police, underscored the seriousness of the cyberattack, stating it had a “significant and far-reaching impact” on vital public services. This incident has brought to light the pressing threat of cybersecurity in urban infrastructure and public service systems.
While the conviction of Jubair and Flowers marks a notable achievement in combating cybercrime, the ongoing prevalence of digital extortion and disruptive attacks, especially among younger offenders, remains a grave concern. The Scattered Spider group is particularly infamous for targeting not only publicly funded organizations but also high-street brands such as Marks & Spencer and the Cooperative Group, as well as automotive giant Jaguar Land Rover.
Moreover, Jubair faces criminal allegations from the United States, stemming from a broad range of hacking activities and extortion operations targeting numerous American entities. According to an unsealed complaint from a New Jersey federal court, Jubair, who operated under various online aliases, allegedly extorted around $115 million in ransom payments connected to over 120 hack attacks spanning from mid-2022 to September 2025. If found guilty in U.S. courts, he could face a staggering 95 years in prison, a harsh consequence that starkly illustrates the severity of his alleged crimes.
The convictions of these two young individuals reveal a pressing and evolving threat presented by homegrown cybercriminals in the UK and beyond. Security experts indicate that these offenders often emerge from loose collections like Scattered Spider, highlighting the need for increased vigilance and robust cybersecurity measures across critical infrastructure sectors.