NEWSAR
Multi-perspective news intelligence
SRCThe Guardian - World News
LANGEN
LEANCenter-Left
WORDS599
ENT12
MON · 2026-06-22 · 16:49 GMTBRIEF NSR-2026-0622-86462
News/Two Britons plead guilty to £39m 2024 cyber-attack on Transp…
NSR-2026-0622-86462News Report·EN·Legal & Judicial

Two Britons plead guilty to £39m 2024 cyber-attack on Transport for London

Two British individuals, Thalha Jubair, 20, and Owen Flowers, 18, have pleaded guilty to a 2024 cyber-attack on Transport for London (TfL). The attack, attributed to the Scattered Spider hacking group, resulted in a £39 million loss for TfL and affected 10 million people.

Dan Milmo Global technology editorThe Guardian - World NewsFiled 2026-06-22 · 16:49 GMTLean · Center-LeftRead · 3 min
Two Britons plead guilty to £39m 2024 cyber-attack on Transport for London
The Guardian - World NewsFIG 01
Reading time
3min
Word count
599words
Sources cited
3cited
Entities identified
12entities
Quality score
100%
§ 01

Briefing Summary

AI-generated
NEWSAR · AI

Two British individuals, Thalha Jubair, 20, and Owen Flowers, 18, have pleaded guilty to a 2024 cyber-attack on Transport for London (TfL). The attack, attributed to the Scattered Spider hacking group, resulted in a £39 million loss for TfL and affected 10 million people. Jubair and Flowers admitted to unauthorized acts against TfL's computer systems, causing risk of serious damage to human welfare. Flowers also pleaded guilty to hacking two US healthcare companies. The guilty pleas were entered on the first day of their trial at Woolwich crown court. The National Crime Agency highlighted the growing threat from UK-based hackers. Sentencing is scheduled for July 15.

Confidence 0.90Sources 3Claims 5Entities 12
§ 02

Article analysis

Model · rule-based
Framing
Legal & Judicial
Technology
Tone
Measured
AI-assessed
CalmNeutralAlarmist
Factuality
0.90 / 1.00
Factual
LowHigh
Sources cited
3
Well sourced
FewMany
§ 03

Key claims

5 extracted
01

The incident highlights a growing threat from UK-based and English-speaking hackers, exemplified by the Scattered Spider group.

factualPaul Foster (NCA)
Confidence
1.00
02

The attack disrupted TfL's Go app, website, and payment systems, including Oyster and contactless payments.

factualTfL
Confidence
1.00
03

Two British individuals, Thalha Jubair and Owen Flowers, pleaded guilty to a cyber-attack on Transport for London in 2024.

factualNational Crime Agency
Confidence
1.00
04

Thalha Jubair is also accused by the US Department of Justice of involvement in cyber-attacks targeting 47 US organizations for over $100m in ransom.

factualUS Department of Justice
Confidence
0.90
05

The cyber-attack on TfL resulted in a £39m loss and affected up to 10 million customers.

factualProsecutors/BBC
Confidence
0.90
§ 04

Full report

3 min read · 599 words
Two British cybercriminals from the Scattered Spider hacking group have pleaded guilty to a Cyber-attack on Transport for London in 2024 that cost £39m and affected 10 million people.Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty to offences under the Computer Misuse Act at Woolwich crown court on Monday.The National Crime Agency (NCA) said last year it believed the attack was carried out by an online hacking community known as Scattered Spider, suspected of carrying out a series of attacks in recent years. TfL, the London mayor’s transport authority, handles up to 5m passenger journeys a day on the underground alone.The organisation said it emailed more than 7 million customers in September 2024 “to inform them about the incident” and tell them that “some customer data may have been taken”. The BBC has reported that 10 million TfL customers had their data stolen.The attack prevented live tube arrival information from appearing on the TfL Go app and the TfL website, while TfL was also unable to process any payments on the Oyster and contactless apps or to register Oyster cards to customer accounts.Prosecutors said the cyber-attack resulted in a £39m loss for TfL as well as a “loss of livelihood” for people dependent on TfL licences, Westminster magistrates court previously heard.Jubair, of Bow, east London, and Flowers, of Walsall, West Midlands, both admitted conspiring to commit unauthorised acts against computer systems belonging to TfL, causing risk of serious damage to human welfare.Flowers alone also admitted hacking two US healthcare companies. He admitted conspiring to commit unauthorised acts against computer systems belonging to SSM Health Care Corporation and attempting to commit unauthorised acts against computer systems belonging to Sutter Health, on or about 6 September 2024.The pair entered their guilty pleas on the first day of what was due to be a six-week trial. Mr Justice Turner remanded Jubair – wearing glasses in a grey suit, shirt and tie – and Flowers – wearing glasses in a blue sweater and grey tracksuit bottoms – in custody before a two-day sentencing hearing on 15 July.Jubair has also been accused by the US Department of Justice of involvement in a series of cyber-attacks that targeted 47 US organisations and garnered more than $100m (£75m) in ransom payments.Flowers denied two further hacking charges and they were ordered to lie on file.Paul Foster, the head of the NCA’s national cyber crime unit, said the TfL incident underlined the growing threat from homegrown and English-speaking hackers. Typically, crippling hacks on high-profile public and private organisations have been carried out by Russian speaking hackers or assailants based in the former Soviet Union.“The profile of offenders like Flowers and Jubair demonstrates the increasing threat from cybercriminals based in the UK and other English-speaking countries, epitomised by Scattered Spider,” he said.The NCA said the hackers had accessed TfL’s refunds system leaving some customers out of pocket for much longer than usual. The attack also shut the application system for Oyster photocards for children and young people.Foster added that the damage showed cybercrime has “real-world consequences and impacts hugely on the public” despite appearing to be “faceless and distant” compared with other crimes.Investigators found a number of devices at Flowers’ West Midlands home including laptops, hard drives and USB sticks. One laptop contained a screen shot showing network connectivity to TfL infrastructure.The laptop also contained a number of videos that Flowers had recorded, showing Jubair accessing TfL systems during the attack. The pair were using the Telegram messaging platform to communicate with each other and also communicated through an online tool where multiple participants can work together remotely.
§ 05

Entities

12 identified
§ 06

Keywords & salience

10 terms
transport for london
1.00
cyber-attack
1.00
scattered spider
0.90
data theft
0.80
computer misuse act
0.70
national crime agency
0.60
hacking
0.50
financial loss
0.50
us healthcare companies
0.40
ransom payments
0.40
§ 07

Topic connections

Interactive graph
No topic relationship data available yet. This graph will appear once topic relationships have been computed.