Newsgather
GeriTwo Men Plead Guilty in Massive TfL Cyber Attack
Two Men Plead Guilty in Massive TfL Cyber Attack
Gelişiyor
BBC UK News22.06.2026Crime2 dk okumaUnited Kingdom

Two Men Plead Guilty in Massive TfL Cyber Attack

Hızlı Bakış

  • Two men, Thalha Jubair and Owen Flowers, pleaded guilty to charges related to a cyber attack on Transport for London (TfL) that caused months of disruption and cost £39m.
  • The breach affected 10m customers and accessed personal data.

Yapay zekâ özeti

Neden Önemli?

Two men have pleaded guilty to charges related to a cyber attack on Transport for London (TfL) that caused months of disruption and cost the operator £39m.

Yazı boyutu

Two men have pleaded guilty to offences in connection with a massive cyber attack which caused Transport for London (TfL) months of disruption and cost the operator £39m.

Thalha Jubair, 20, from east London and Owen Flowers, 18, from Walsall in the West Midlands changed their pleas on what was expected to be the first day of a six-week trial at Woolwich Crown Court on Monday.

The pair admitted to charges of conspiring to commit unauthorised acts against TfL under the Computer Misuse Act.

TfL previously said the hack disrupted services for three months when it began on 31 August 2024. The BBC was told the breach affected 10m customers.

They both pleaded guilty on the basis they recklessly accessed the systems without intending to do so.

Flowers also pleaded guilty of attempting to hack computer systems belonging to California-based Sutter Health and another US company, SSM Healthcare Corporation.

The transport operator's online services were impacted and customers were unable to see some information boards because they went offline during the attack.

TfL wrote to thousands of customers to tell them about the unauthorised access to some personal information.

Data from TfL's Oyster refunds system was accessed and the incident also affected TfL's customer refund system, leaving some out of pocket for much longer than usual. It also closed down the application system for Oyster photocards for children and young people.

At the time of Flowers and Jubair's arrests, investigators from the National Crime Agency (NCA) said they believed the "network intrusion" in summer 2024 was carried out by the online criminal group known as Scattered Spider.

Following the guilty pleas, the NCA said both men were had been arrested at their home addresses on 16 September 2024 as part of a joint investigation with the City of London Police.

One laptop contained a screenshot showing connectivity to TfL infrastructure, while videos found on the device appeared to show Jubair accessing TfL systems during the attack. The NCA said the pair communicated via Telegram and an online collaborative workspace.

Flowers was also found to have accessed an online tool selling breached credentials, according to investigators.

Judge Mr Justice Turner thanked all the legal representatives, expressing gratitude for the "hard work" that had enabled the court to find a "satisfactory way forward".

"Cyber crime may appear faceless and distant compared to other crime types, but the infiltration of TfL's systems shows it has real-world consequences and impacts hugely on the public," he said.

"The attack caused millions of pounds in losses to a key part of the UK's critical national infrastructure, and was a significant inconvenience for customers."

Açık Sorular

  • What are the full implications for TfL's security?
  • Were other individuals involved?
  • What is the timeline for compensation for affected customers?

İlgili Konular

Bu haber ilk olarak şurada yayınlandı: BBC UK News.

İlgili Haberler

Bu konuda daha fazlacyber attack