Two Jailed Over Record-Breaking TfL Cyberattack


Thalha Jubair and Owen Flowers were jailed after the 2024 TfL cyberattack caused £29 million in losses.

Two men have been jailed for their roles in the 2024 cyberattack on Transport for London (TfL), in a case the National Crime Agency (NCA) has described as the largest cybercrime prosecution ever brought before the UK courts.

On July 16, 2026, Thalha Jubair, 20, of East London, and Owen Flowers, 18, of Walsall, West Midlands, were each sentenced to five years and six months in prison at Inner London Crown Court after admitting their involvement in the attack. Both defendants had initially denied the charges before later entering guilty pleas.

The breach took place between August 31 and September 3, 2024, when the pair used social engineering techniques to obtain employee credentials and gain access to TfL’s internal network. Investigators said the stolen credentials provided them with extensive administrative privileges, effectively giving them unrestricted access to critical systems.

Although London’s transport network continued operating throughout the incident, the cyberattack disrupted several online services relied upon by customers. The breach also compromised customer data and resulted in an estimated £29 million in financial losses and recovery costs. TfL said restoring affected systems took around six months.

According to the NCA, Jubair and Flowers were members of the online cybercrime collective Scattered Spider, a loose network known for targeting major organizations through phishing and other forms of social engineering. During the investigation, officers recovered recordings of the attack, Telegram conversations discussing the intrusion, and digital evidence from electronic devices seized when both men were arrested in September 2025.

Investigators also uncovered evidence of additional cyber offences. Flowers admitted carrying out attacks against U.S. healthcare providers SSM Health and Sutter Health, while the court heard that both defendants continued engaging in cyber-related activity even after their arrests. Authorities also recovered substantial cryptocurrency assets believed to be connected to their criminal activity.

During sentencing, Judge Mark Turner said the pair possessed significant technical ability but chose to use those skills to commit serious criminal offences. He told the court their actions caused widespread disruption and substantial financial losses, adding that the offending appeared to be motivated by notoriety and “selfish bravado” rather than financial need.

The NCA said the convictions have effectively dismantled the UK’s leadership of the Scattered Spider collective and represent a significant milestone in the fight against organized cybercrime. The agency credited the outcome to a lengthy and highly complex investigation carried out alongside the City of London Police and other law enforcement partners.

Paul Foster, head of the NCA’s National Cyber Crime Unit, said the investigation demonstrates that those responsible for high-profile cyberattacks can be identified and brought before the courts, regardless of the technical measures they use to conceal their activities.

Related articles :


Reports are sourced from official documents, law-enforcement updates, and credible investigations.

Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.