Scattered Spider members plead guilty to hacking Transport for London

Two members of the cybercrime group Scattered Spider have pleaded responsible to hacking into Transport for London (TfL) methods in 2024.

Talha Jubair, 20, and Owen Flowers, 18, hacked into London’s transport system between August 31 and September 3, 2024, inflicting thousands and thousands of kilos in losses.

Joubert and Flowers had beforehand refused to participate within the case, however modified their pleas to responsible on the primary day of the trial at Woolwich Crown Court docket.

TfL is the general public physique answerable for managing massive components of London’s transport community, serving a metropolitan space of ​​thousands and thousands and dealing with hundreds of journeys every single day.

On 2 September 2024, TfL’s infrastructure suffered a cybersecurity incident that induced operational disruption for a number of days.

The attackers accessed knowledge in TfL’s Oyster refund system, disrupting buyer refund companies and delaying refunds to some customers.

On September 12, TfL confirmed that buyer knowledge had been stolen within the assault, and the UK’s Nationwide Crime Company (NCA) introduced the arrest of then-suspect Flowers on the identical day.

Mr Joubert and Mr Flowers had been arrested on 18 September 2025 after investigators recovered incriminating proof in opposition to each males past the TfL cyber assault. Mr Flowers breached his bail situations twice, in March and Might 2025.

In line with the NCA, TfL’s cyber assault compelled all 28,000 workers to go to their native places of work to reset their passwords and induced the general public transport operator £29 million ($38.3 million) in monetary injury.

NCA Deputy Director Paul Foster stated: “This assault induced thousands and thousands of kilos in injury to a key a part of the UK’s vital nationwide infrastructure and induced important inconvenience to our prospects.”

“Right this moment’s final result wouldn’t have been doable with out TfL participating with regulation enforcement early on, so we urge different organizations to do the identical in conditions like this.”

Investigators seized a number of gadgets from Flower’s house, together with a laptop computer containing screenshots displaying connections to TfL infrastructure, proof of entry to a market promoting stolen credentials, and video displaying Juvea infiltrating TfL methods.

The NCA stated the hackers communicated through Telegram and a shared on-line collaboration platform throughout the breach.

Along with TfL, authorities have additionally linked Flowers to intrusions at US healthcare suppliers SSM Healthcare Company and Sutter Well being.

The 2 Scattered Spider members had been scheduled to go on trial on June twenty second, however the verdict was postponed to July sixteenth after their pleas had been modified to responsible.