Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Teen Hackers Jailed for Crippling TfL Cyber-Attack, Millions of Data Stolen

Two young men, Owen Flowers and Thalha Jubair, have been sentenced to five-and-a-half years in prison for a major cyber-attack on Transport for London (TfL) in 2024. The attack caused significant disruption, data theft, and an estimated cost of £29 million to the transport authority.

  • Owen Flowers, 18, and Thalha Jubair, 20, received five years and six months each for the 2024 TfL cyber-attack.
  • The hack, carried out as part of the 'Scattered Spider' collective, disrupted TfL services and stole data from millions of customers.
  • TfL incurred costs of £29 million due to the attack, which also affected critical services like Dial-a-Ride.
  • The pair gained access by tricking a help desk worker and live-streamed their 16-hour attack.
  • The National Crime Agency (NCA) highlights the rising threat of young hackers in the UK.

A high-profile cyber-attack on Transport for London (TfL) in August 2024 left millions of customers' personal data vulnerable to theft and caused widespread disruption to online services. The brazen hack, live-streamed online by two young men, has resulted in a substantial financial cost to the organisation, with estimates suggesting a £29 million loss.

Owen Flowers, 18, from Walsall, and Thalha Jubair, 20, from east London, were each handed prison sentences of five years and six months at Woolwich Crown Court after pleading guilty in June. The duo, part of the cybercrime collective 'Scattered Spider', used a sophisticated method to gain access to sensitive TfL systems: impersonating an employee and convincing a phone help desk worker to reset a password.

The consequences of the breach were far-reaching. Despite swift action by TfL's IT team to contain the damage, 148 technology systems became inoperable, affecting services such as Dial-a-Ride, which is crucial for disabled and vulnerable Londoners. The personal data of up to 10 million customers, stolen during the attack, remains at risk of being shared within criminal groups.

Flowers and Jubair, both described as computer-obsessed individuals with autism, were largely unsupervised and spent most of their time online. Flowers had previously received a cease and desist order for minor cybercrime in October 2023, and his arrest revealed him hacking two US healthcare providers, with messages showing he joked about potentially harming patients. Police seized approximately £1 million in cryptocurrency from Flowers, suggesting that the primary motivation behind the attack was online notoriety rather than financial gain.

The National Crime Agency (NCA) has identified an increasing trend of young hackers in the UK as a significant threat to national cybersecurity. The 'Scattered Spider' group, linked to numerous global cyber-attacks including those on major retailers such as Marks and Spencer and the Co-op, has been targeted by authorities in the UK, US, and Finland over the past two years.

Why this matters: This case highlights the growing threat posed by young cybercriminals to critical national infrastructure and personal data. The significant costs and widespread disruption demonstrate the severe real-world impact of such digital attacks.

What this means for you: What this means for you: If you are a TfL customer, particularly if you held an Oyster card in 2024, your personal data may have been compromised and could still be circulating among criminal groups. It serves as a reminder to remain vigilant about potential phishing attempts and to regularly update passwords for online services.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.