British teen hackers jailed over £29m TfL cyberattack

British teen hackers jailed over £29m TfL cyberattack
Passengers exit a London Underground train. London, UK. 21 April, 2026
Reuters

Two British hackers who carried out a cyberattack on Transport for London (TfL) that cost the transport authority £29 million to remediate have been jailed for a total of 11 years.

Thalha Jubair, 20, and Owen Flowers, 18, were each sentenced to five and a half years in prison on Thursday after admitting their roles in the attack, which took place between 31 August and 3 September 2024.

The pair pleaded guilty last month, on what would have been the first day of their trial, to offences linked to the breach of TfL's computer systems. Flowers also admitted carrying out cyberattacks against two non-profit healthcare providers in the U.S. shortly after the TfL hack.

Sentencing the pair at Woolwich Crown Court, Judge Mark Turner said they had been "primarily motivated by selfish bravado, heedless of the severe consequences for others".

Attack gave hackers highest level of access

Prosecutors said the hackers gained the highest level of access within TfL's network, effectively obtaining what was described in court as "the keys to the kingdom".

At one stage, they had the ability to lock administrators out of the system and potentially shut down critical services entirely.

The cyberattack led to the theft of data belonging to millions of customers, forced 27,000 TfL employees to reset their passwords and disrupted services, including the Dial-a-Ride booking system used by disabled passengers.

Although London's Underground and bus services continued operating, TfL said the intrusion had the potential to cause catastrophic damage and prolonged disruption across the network.

Andy Lord, TfL's commissioner, described it as the most serious cyber incident he had encountered during his career.

Investigators said the hackers communicated throughout the operation using Telegram, while Flowers recorded a livestream that Jubair broadcast during the attack.

Links to Scattered Spider

The pair were described as key figures within the loose English-speaking cybercrime network known as Scattered Spider, a group linked to a series of high-profile hacks in recent years.

Court documents showed the pair openly referred to the group during their communications.

Messages presented during the hearing included references to Scattered Spider, with one exchange appearing to joke about membership status and another boasting about the group's activities.

Authorities said the pair had accumulated significant wealth through cybercrime, including cryptocurrency holdings worth millions of dollars.

What is known about the hackers?

Thalha Jubair
  • Aged 20 and from Bow, east London.
  • Lived with his parents in a council flat.
  • Began using computers and gaming at a young age.
  • Was reportedly writing computer programs by the age of 10.
  • Was introduced to hacking as a teenager.
  • Had previous convictions for fraud, unauthorised access to computers, blackmail and stalking.
  • Had previously hacked a City of London Police server.
  • Was 18 when the TfL attack was carried out.

Owen Flowers

  • Aged 18 and from Walsall in England's West Midlands.
  • Lived with his grandmother and uncle.
  • Spent much of his time gaming and participating in online chat forums.
  • Communicated extensively with Jubair during the attack.
  • Recorded a livestream of the TfL hack.
  • Admitted carrying out separate cyberattacks against two U.S. healthcare providers.
Growing threat of cybercrime

The case has highlighted the growing threat posed by young cybercriminals operating from their homes while targeting major organisations around the world.

Although the hackers led largely online lives, prosecutors said their actions had real-world consequences, affecting millions of commuters and imposing heavy costs on one of the world's largest public transport networks.

The sentencing brings to a close one of the most damaging cyberattacks ever suffered by TfL, but security experts say it also underscores the continuing challenge posed by loosely organised hacking groups such as Scattered Spider.

Tags