Two Charged Over TfL Cyber Attack Linked to Scattered Spider Group

by admin | Sep 19, 2025 | Criminal Law, Fraud, General News, Internet, Internet Crime, Organised Crime | 0 comments

Net Tightens on Cyber Attackers in Recent TfL Hacking Incident

The National Crime Agency (NCA) has charged two young men in connection with a major cyber attack on Transport for London (TfL), following a year-long investigation into the online criminal collective known as Scattered Spider.

Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were arrested at their home addresses earlier this week. Both suspects are due to appear at Westminster Magistrates’ Court on 18 September, facing serious allegations under the Computer Misuse Act.

The TfL Network Intrusion

The attack, which took place on 31 August 2024, is said to have caused significant disruption and “millions in losses” to the capital’s transport authority. The NCA has described the incident as an attack on the UK’s critical national infrastructure, underlining the gravity of the case.

According to investigators, the network intrusion bore the hallmarks of Scattered Spider, a loosely organised cybercrime group known for targeting large corporations, particularly in English-speaking countries.

Charges Brought

Jubair faces charges of conspiring to commit unauthorised acts against TfL’s systems, and an additional charge under the Regulation of Investigatory Powers Act (RIPA) for allegedly failing to disclose device passwords.
Flowers, who was initially arrested in September 2024, faces similar charges in relation to the TfL breach. He has also been charged with conspiring to attack the systems of two major US healthcare providers — SSM Health Care Corporation and Sutter Health.

Deputy Director Paul Foster of the NCA’s National Cyber Crime Unit said:

“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Scattered Spider is a clear example of the increasing threat from cyber criminals, both in the UK and overseas. We are committed to ensuring those responsible face justice.”

Cybercrime and the Law

The case highlights how offences under the Computer Misuse Act 1990 can be prosecuted. The Act criminalises unauthorised access to computer systems, interference with data, and the creation or supply of malicious software.

Convictions can carry long custodial sentences, especially when attacks target essential services or cause widespread financial harm.

Jubair’s RIPA charge also underscores how refusing to provide passwords or encryption keys can itself be a criminal offence – a rarely used but powerful legal tool for investigators in cybercrime cases.

International Dimension

This prosecution has an international dimension, with Flowers accused of targeting healthcare networks in the United States.

The investigation has involved collaboration between the NCA, City of London Police, West Midlands ROCU, British Transport Police, and the FBI.

Cybercrime often crosses borders, meaning UK defendants may face proceedings linked to foreign victims or companies.

The Broader Picture: Cybercrime as a Growing Threat

Recent years have seen a sharp increase in cyber attacks against public bodies, critical infrastructure, and private businesses.

High-profile cases like this demonstrate both the financial and reputational damage that can result, alongside the wider public safety concerns when services such as transport or healthcare are disrupted.

Legal experts warn that individuals involved in cybercrime – even at a young age – can face life-changing consequences. The combination of UK and international law means charges can be complex, wide-reaching, and carry long-term penalties.

For businesses and individuals alike, the case serves as a reminder of the importance of cybersecurity and compliance.

For defendants, it highlights the seriousness with which authorities now treat hacking and online fraud, especially where critical services are concerned.

How We Can Help

If you have any questions regarding legal representation for cyber crime offences please don’t hesitate to call us now on 0161 477 1121 or email us.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.