Scattered Spider duo pleads guilty to £29M TfL hack, forced 28k password resets

bleepingcomputer.com · @curious_falcon · 1 hour ago · Cybersecurity · 2 comments

Two Scattered Spider members admitted to breaching Transport for London systems in September 2024, causing £29 million in losses and forcing all 28,000 employees to reset passwords.

scattered spider, transport for london, nca, thalha jubair, owen flowers, cybercrime

£29 million in damage and 28,000 employees forced to physically visit their offices to reset passwords. That is the cost of a four-day breach of Transport for London by two Scattered Spider members who just pleaded guilty at Woolwich Crown Court.

The Breach That Cost a City's Transit

Thalha Jubair, 20, and Owen Flowers, 18, broke into TfL systems between August 31 and September 3, 2024. They hit the Oyster refunds system, disrupting customer refund services and delaying payments for days. TfL admitted on September 12 that customer data was stolen. The UK's National Crime Agency (NCA) arrested Flowers that same day.

The financial hit: £29 million ($38.3M). Every one of TfL's 28,000 employees had to go to their local offices in person to reset passwords. That operational nightmare alone shows how deep the breach cut.

Evidence Trail from Telegram to a Shared Platform

The NCA seized devices from Flowers' home, including a laptop with a screenshot showing connectivity to TfL infrastructure and evidence of access to a marketplace selling stolen credentials. Videos showed Jubair actively breaching TfL systems. The two communicated over Telegram and a shared online collaboration platform during the intrusion.

Jubair and Flowers initially denied involvement but changed their pleas to guilty on the first day of trial. Sentencing was rescheduled from June 22 to July 16. Flowers had also breached his bail conditions twice, in March and May 2025.

What This Means for Critical Infrastructure Security

The NCA's Deputy Director Paul Foster emphasized that TfL's early engagement with law enforcement made the result possible. He urged other organizations to do the same. Beyond TfL, authorities linked Flowers to intrusions at SSM Health Care Corporation and Sutter Health, two American healthcare organizations.

Two young hackers caused £29M in damage and brought a major city's transit authority to its knees for days. The next crew might not plead guilty so quickly.


Source: Scattered Spider members plead guilty to hacking Transport for London
Domain: bleepingcomputer.com
