Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Linus Torvalds Clarifies Linux Kernel’s Stance on AI Development
July 17, 2026
7-Zip Critical Vulnerability Exposes Millions to Remote Code Execution
July 17, 2026
Two Hackers Jailed for Hacking 148 TfL Systems, Forcing 27,000 Staff Password Resets
July 17, 2026
Home/CyberSecurity News/Two Hackers Jailed for Hacking 148 TfL Systems, Forcing 27,000 Staff Password Resets
CyberSecurity News

Two Hackers Jailed for Hacking 148 TfL Systems, Forcing 27,000 Staff Password Resets

Key Takeaways Two individuals associated with the Scattered Spider group were sentenced for a cyberattack on Transport for London (TfL). The breach in August-September 2024 disrupted 148 TfL systems,...

Sarah simpson
Sarah simpson
July 17, 2026 4 Min Read
2 0

Key Takeaways

  • Two individuals associated with the Scattered Spider group were sentenced for a cyberattack on Transport for London (TfL).
  • The breach in August-September 2024 disrupted 148 TfL systems, forced 27,000 staff password resets, and cost approximately £29 million.
  • Services for vulnerable citizens and public transport operations experienced significant disruptions and delays.
  • Investigators highlight the potential for far greater economic damage if the attack had not been contained.

Hackers Behind Major TfL Cyberattack Sentenced to Prison

Two key members of the notorious cybercrime collective Scattered Spider have received significant prison sentences for their involvement in a 2024 attack that severely crippled Transport for London (TfL) systems. The extensive breach impacted 148 critical systems, necessitated a mandatory in-person password reset for all 27,000 TfL employees, and incurred an estimated £29 million in damages for the public transport operator.

Table Of Content

  • Key Takeaways
  • Hackers Behind Major TfL Cyberattack Sentenced to Prison
  • Guilty Pleas and Sentencing
  • Impact of the Cyber Infiltration
  • The Scattered Spider Connection and Investigation
  • What You Should Do

Guilty Pleas and Sentencing

On June 22, 2026, Thalha Jubair and Owen Flowers admitted guilt to charges related to the cyberattack on Transport for London, an incident that led to considerable operational disturbances. Jubair, 20, residing in East London, and Flowers, 18, from Walsall, were each handed a sentence of five years and six months at Woolwich Crown Court on July 16, 2026. Both individuals pleaded guilty under Section 3ZA of the Computer Misuse Act, which addresses unauthorized actions causing or risking severe harm, marking it as the most serious offense under the Act.

Impact of the Cyber Infiltration

Between August 31 and September 3, 2024, the duo successfully penetrated TfL’s digital infrastructure. While rapid containment efforts prevented the most catastrophic outcomes, several public-facing services were nonetheless affected. Disruptions included essential services like Dial-a-Ride for vulnerable Londoners, the processing of concessionary travel cards, digital payment functionalities, Oyster card refunds, and the application process for children’s Oyster photocards. Furthermore, the planned expansion of contactless ticketing systems faced delays.

The aftermath of the attack required all 27,000 TfL personnel to physically visit an office location to reset their passwords. Critical operational systems had to rely on manual workarounds, and customer data from the Oyster refunds system was accessed, leading to extended wait times for some individuals awaiting their money. Following the incident, TfL promptly reported the cyberattack to the City of London Police’s Report Fraud service.

Two young men have been sentenced for launching a cyber attack on Transport for London (TfL) which cost tens of millions of pounds in losses and inconvenienced thousands of customers.

Thalha Jubair and Owen Flowers were identified by the NCA and @CityPolice following the attack… pic.twitter.com/ZJdmdZhXRJ

— National Crime Agency (NCA) (@NCA_UK) July 16, 2026

Investigators emphasized the severe potential consequences, noting that a complete shutdown of London’s transport network could have inflicted an economic cost of up to £56 billion on the UK economy.

The Scattered Spider Connection and Investigation

Jubair and Flowers were identified as prominent figures within Scattered Spider, a cybercrime group notorious for its sophisticated use of social engineering, SIM-swapping, and data extortion tactics. The National Crime Agency (NCA) and City of London Police collaborated to identify the perpetrators following the TfL breach, leading to their arrests at their respective homes on September 16, 2024.

Evidence recovered from Flowers’ residence, including laptops, desktop towers, hard drives, and USB drives, contained a screenshot demonstrating connectivity to TfL’s infrastructure and video recordings of Jubair actively accessing TfL systems during the attack. The two communicated via Telegram and utilized a shared remote workspace for their illicit activities. Further investigation revealed Flowers’ involvement in hacking US healthcare providers SSM Health and Sutter Health. He was subsequently re-arrested for violating bail conditions related to device usage, while Jubair faced charges for failing to provide device PINs and passwords.

Microsoft’s analysis indicated that the arrests significantly impaired Scattered Spider’s operational capabilities, despite the possibility of other actors continuing to misuse the group’s branding.

Paul Foster, Deputy Director at the NCA, hailed the prosecution as the largest cybercrime case ever brought before UK courts, urging organizations to engage law enforcement authorities at an early stage. Commander Ollie Shaw of the City of London Police highlighted the proposed Cyber Crime Risk Orders as a potential tool for imposing restrictions on high-risk offenders’ device and technology use, effectively creating a form of “digital prison.”

Security Minister Dame Angela Eagle and TfL Commissioner Andy Lord commended the investigative efforts and underscored the critical need for enhanced cyber resilience across all sectors. The FBI Cyber Division noted Scattered Spider’s consistent reliance on extortion and social engineering against vital services.

What You Should Do

  • Implement strong, unique passwords for all accounts and enforce multi-factor authentication (MFA).
  • Conduct regular cybersecurity awareness training for all staff, focusing on social engineering tactics like phishing and pretexting.
  • Ensure robust incident response plans are in place and regularly tested to minimize the impact of potential breaches.
  • Maintain up-to-date security patches and configurations for all systems and network devices.
  • Regularly back up critical data and verify the integrity of these backups.
  • Establish clear communication channels with law enforcement and cybersecurity agencies for early engagement in case of an attack.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachHackerSecurity

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

AnyDesk Critical 0-Day Vulnerability Lets Attackers Trigger DoS

Next Post

7-Zip Critical Vulnerability Exposes Millions to Remote Code Execution

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
SonicWall SMA 1000 Zero-Day Actively Exploited
July 16, 2026
AI Penetration Testing Now Covers Retrieval Poisoning, Memory, and Sensor Attacks
July 16, 2026
Telegram 2FA Not Cracked, Attackers Hijack Logged-In Sessions
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us