Teen Hackers Jailed After Cyber-Attack That Crippled London Transport Network and Exposed Millions of Passenger Records
Two young members of the notorious cybercrime network Scattered Spider have been sentenced to five years and six months in prison after carrying out one of the most disruptive cyber-attacks in the history of Transport for London (TfL), an incident that exposed the personal data of millions of passengers, caused widespread disruption to public transport services, and cost the organisation tens of millions of pounds.
Eighteen-year-old Owen Flowers from Walsall and Thalha Jubair, 20, from east London, admitted their involvement in the attack, which they launched in August 2024 while they were still teenagers. The pair pleaded guilty in June 2026 before receiving their sentences at Woolwich Crown Court.
The case has drawn international attention, not only because of the enormous financial and operational damage inflicted on London’s transport authority, but also because it highlights the growing threat posed by highly skilled young cybercriminals operating through loosely organised online hacking groups.
A Cyber-Attack That Brought London’s Transport Systems to Their Knees
Investigators revealed that the hackers deliberately launched the attack on a Saturday evening, believing fewer staff would be available to detect suspicious activity.
By successfully impersonating a TfL employee, they convinced an IT help desk worker to reset an employee’s password, giving them access to critical internal systems.
Once inside, the attackers infiltrated TfL’s customer database, exposing the personal records of up to 10 million Oyster card users and customers. Court documents showed the pair searched for the details of well-known London celebrities before attempting to access sensitive financial information.
The cybercriminals even broadcast portions of their 16-hour hacking operation online, turning the attack into a form of entertainment while boasting to fellow hackers about their success.
One message sent during the breach mocked the transport authority, with Flowers joking that “Scattered Spider is creating webs on the London Underground.”
Millions of Records Stolen and Massive Financial Losses
The breach triggered one of the largest cyber security incidents ever experienced by Transport for London.
Authorities said the attack forced every one of the organisation’s 27,000 employees to reset their passwords in person after all staff accounts were logged out to stop the hackers from spreading deeper into the network.
In total, 148 technology systems were rendered unusable, disrupting numerous online services for several months.
Essential transport services, including Dial-a-Ride for disabled and vulnerable residents, were significantly affected.
TfL estimates the direct financial cost of responding to the attack reached approximately £29 million, while an additional £10 million was lost through disrupted operations and reduced income.
Officials believe the impact could have been even worse had TfL’s cyber security team not acted quickly by disconnecting critical systems from the internet after receiving intelligence from the National Crime Agency (NCA).
Data Still Circulating Among Criminal Networks
Despite the arrests, authorities say the stolen customer database continues to circulate within underground cybercrime communities.
Security investigators believe the database still contains the personal information of millions of TfL customers, raising ongoing concerns about identity theft, fraud and future cyber-enabled crimes.
The continued circulation of the stolen information demonstrates how cyber-attacks can have lasting consequences long after the perpetrators have been arrested.
Members of the Notorious Scattered Spider Network
Both hackers were linked to Scattered Spider, a loosely organised group of English-speaking cybercriminals responsible for several high-profile attacks against major organisations across the United Kingdom and the United States.
The group has previously been associated with cyber-attacks targeting major retailers, including Marks & Spencer and Co-op, among numerous other businesses.
Law enforcement agencies across Britain, the United States, Spain and Finland have arrested several young individuals believed to have connections with the organisation over the past two years.
A Troubling Pattern of Young Cybercriminals
Court proceedings revealed that both offenders lived largely isolated lives, spending most of their time online with few real-world friendships.
Judge Mr Justice Turner acknowledged their youth and autism diagnoses as mitigating factors during sentencing but stressed the seriousness of the offences and the enormous damage caused.
Flowers had already come to the attention of authorities in 2023 after receiving a cease-and-desist warning over earlier cybercrime activity. Investigators later arrested him in September 2024 while he was allegedly carrying out cyber-attacks against two healthcare providers in the United States.
Police also recovered cryptocurrency assets worth around £1 million during the investigation.
Evidence presented in court included disturbing online messages in which Flowers joked that one of his attacks could potentially result in “killing a 90-year-old on life support,” highlighting the reckless attitude investigators say characterised his criminal activities.
Jubair’s history with cybercrime began even earlier.
Given his first laptop at the age of ten, he reportedly learned computer programming before becoming involved with online criminal communities as a young teenager.
By the age of fourteen he had already been arrested, and in 2023 he received a Youth Rehabilitation Order for hacking offences connected to the notorious Lapsus$ cybercrime group, which previously targeted several multinational technology companies.
Court records show Jubair accumulated 22 previous convictions involving hacking, fraud and harassment.
Authorities in the United States are also seeking him in connection with alleged cybercrimes affecting 47 American victims, with investigators claiming the attacks generated approximately $115 million in ransom payments.
National Crime Agency Warns of Growing Threat
The National Crime Agency says the case reflects an alarming increase in young people becoming involved in sophisticated cybercrime.
Officials warned that many teenagers are being drawn into online criminal communities where hacking skills are celebrated and cyber-attacks are treated as a form of competition or entertainment.
Law enforcement agencies are urging parents, schools, technology companies and governments to work together to identify vulnerable young people before they become involved in organised cybercrime. Cyber security experts argue that tackling the issue will require more than arrests alone.
According to security analyst Allison Nixon, online hacking communities increasingly resemble organised youth gangs, where status is earned through causing maximum disruption and harm to victims.
Cybercrime Continues to Evolve
The sentencing of Owen Flowers and Thalha Jubair marks a significant victory for investigators, but experts warn it is unlikely to eliminate the broader threat posed by organised cybercriminal groups.
As governments, businesses and public institutions become increasingly dependent on digital infrastructure, cyber-attacks continue to grow in sophistication, making investment in cyber security, public awareness and early intervention among young internet users more critical than ever.
The TfL attack serves as a stark reminder that a small group of determined hackers can inflict enormous economic damage, compromise millions of personal records and disrupt essential public services within hours, reinforcing the urgent need for stronger cyber resilience across both the public and private sectors.


