- Two British men admitted to a 2024 Transport for London cyber-attack.
- The breach impacted 10 million people and cost £39m total.
- Convicted individuals have links to the Scattered Spider hacking group.
Thalha Jubair and Owen Flowers pleaded guilty at Woolwich crown court. They admitted to conspiracies involving unauthorised acts against TfL computer systems. These crimes caused risk of serious damage to human welfare throughout the city. The duo is linked to the Scattered Spider hacking collective.
The breach led to data theft affecting 10 million customers in 2024. It is noted that TfL emailed 7 million users in September. This happened because some customer data was likely taken during the event. The total financial hit reached £39m for the authority.
TfL digital services suffered outages during the attack
Operational disruptions were severe because the TfL Go app stopped showing tube arrivals. Payment processing on Oyster and contactless apps was broken. Users could not register Oyster cards to accounts during the downtime. It was a mess for the daily commute.
Owen Flowers also confessed to targeting US healthcare firms. He conspired against SSM Health Care Corporation and tried to hit Sutter Health. Healthcare systems were targeted around 6 September 2024 by the individual. These extra charges were handled separately by the court.
Thalha Jubair faces additional US Department of Justice accusations. He is linked to attacks on 47 US organisations. Ransom payments exceeded 100m dollars in those cases. The two men remain in custody before a sentencing hearing on 15 July.
Certain charges were ordered to lie on file. Jubair denied failing to disclose info after devices were seized on 19 March. Flowers denied two other hacking charges. The trial was meant to be six weeks but ended early due to the pleas.
