Two teenagers accused of orchestrating one of the most damaging cyber attacks on Britain’s transport network have been charged after a year-long investigation by the National Crime Agency (NCA).
A £39m Disruption to London’s Lifeline
The attack, which began on 31 August last year, paralysed parts of Transport for London’s (TfL) digital infrastructure for three months. While trains, buses and the Tube continued to run, information boards, online ticketing services and key customer platforms were knocked offline, forcing TfL to rely on manual operations.
The fallout was costly: £39 million in losses and disruption, according to TfL. At the height of the recovery operation, its 25,000 staff were summoned to offices across the capital to verify their identities in person.
More than 5,000 customers later received warnings that their personal data — including names, addresses, emails and bank details — may have been compromised.
Arrests in London and the Midlands
The NCA, working with City of London Police, arrested Thalha Jubair, 19, from east London, and Owen Flowers, 18, from Walsall in the West Midlands, at their homes on Tuesday morning.
Both men appeared at Westminster Magistrates’ Court on Thursday, charged with conspiring to commit unauthorised acts against TfL under the Computer Misuse Act. They were remanded in custody ahead of a hearing at Southwark Crown Court.
In court, Flowers wore a grey hoodie reading “off the grid”, while Jubair sat silently beside him in a black hoodie and glasses. The pair did not exchange words.
Scattered Spider Connection
Investigators believe the two defendants were working with or inspired by Scattered Spider, a cyber criminal network notorious for targeting major corporations and public bodies. The group, largely made up of young English-speaking hackers, has been linked to intrusions in the UK and the United States.
Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, said:
> “This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Today’s charges mark a key step in what has been a lengthy and complex investigation.”
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure.”
—- Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit,
A Wider Trail of Damage
The court also heard that Flowers allegedly continued offending while on bail, targeting American healthcare companies. Detectives uncovered evidence linking him to attempts to infiltrate SSM Health Care Corporation and Sutter Health.
The cross-Atlantic dimension underscores growing concern among UK security officials that British-based hackers are not only capable of crippling domestic infrastructure but also of exporting their attacks abroad.
TfL and Public Reaction
In a statement, TfL said:
> “We welcome this announcement by the National Crime Agency that two people have now been charged in relation to the cyber incident which impacted our operations last year.”
TfL Statement on the NCA’s charging of Hackers who infiltrated its systems
The incident has renewed debate about the resilience of Britain’s transport systems to hostile actors, with cybercrime increasingly viewed as a threat comparable to terrorism or sabotage.
A Growing National Risk
Earlier this year, the NCA issued a warning about the rising threat from English-speaking cyber gangs, stressing that groups such as Scattered Spider are becoming more sophisticated and more reckless.
For TfL — the organisation that keeps London moving — the case is a stark reminder of the vulnerability of critical infrastructure in the digital age.
