LONDON, England — Two members of the cybercrime group known as Scattered Spider have pleaded guilty to charges connected to a cyberattack against London’s transportation network that disrupted services, exposed customer information, and resulted in millions of pounds in recovery costs.
According to the United Kingdom’s National Crime Agency (NCA), Thalha Jubair, 20, of East London, and Owen Flowers, 18, of England’s West Midlands, admitted to their roles in the September 2024 compromise of Transport for London (TfL), the organization responsible for much of the capital’s public transportation infrastructure.
The pair had been scheduled to stand trial before changing their pleas on the opening day of proceedings. Sentencing is scheduled for July 16.
Authorities stated that the attack caused widespread disruption throughout the TfL network and forced approximately 28,000 employees to reset their passwords through in-person procedures. The NCA estimated that the incident resulted in approximately £29 million in losses, remediation costs, and operational disruption.
Investigators said the effects of the breach continued for months after the initial intrusion.
The attack also affected customer-facing systems, including portions of TfL’s refund services and Oyster card infrastructure. Authorities reported that data associated with customer refund systems was exposed during the incident. Applications for discounted Oyster photocards used by children and young people were also disrupted.
Scattered Spider has emerged in recent years as one of the most closely watched cybercrime groups operating against Western organizations. Security researchers and law enforcement agencies have linked the group to intrusions targeting major corporations in the transportation, telecommunications, retail, hospitality, healthcare, insurance, and technology sectors.
Unlike many traditional cybercriminal organizations that operate from overseas jurisdictions, Scattered Spider has been associated with predominantly English-speaking threat actors who frequently employ social engineering tactics, credential theft, multifactor authentication bypass techniques, help-desk manipulation, SIM-swapping attacks, and cloud infrastructure compromise methods.
U.S. prosecutors have previously stated that individuals associated with Scattered Spider participated in cyber extortion campaigns that generated more than $115 million from victims over a multi-year period.
Authorities said Flowers was arrested shortly after the September 2024 attack. During searches of his residence, investigators seized laptops, desktop computers, hard drives, and USB storage devices.
The National Crime Agency reported that forensic examinations uncovered evidence linking the devices to the Transport for London intrusion. Investigators also recovered evidence indicating access to online marketplaces associated with stolen credentials and compromised account information.
Investigators also recovered videos that prosecutors said showed Jubair accessing portions of the Transport for London environment during the intrusion.
Investigators stated that the defendants communicated through Telegram and collaborated using shared online workspaces while carrying out portions of the operation.
Evidence uncovered during the investigation also allegedly indicated compromises involving U.S. healthcare organizations, including SSM Health Care Corporation and Sutter Health. Authorities did not release additional details regarding those findings.
Flowers reportedly violated his bail conditions on two occasions following his arrest. Jubair also faced an additional charge related to failing to provide passwords or PINs associated with devices seized during the investigation.
The defendants faced some of the most serious cybercrime offenses available under United Kingdom law, including conspiracy to commit unauthorized computer acts creating a risk of serious damage to human welfare or national security. Those offenses carry potential penalties that can include life imprisonment.
The investigation was conducted by the National Crime Agency’s National Cyber Crime Unit.
🔥 NOW AVAILABLE! 🔥
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
