Loader
Advertisement

UK court jails two men over major cyberattack on London's transport network

TFL ambassadors display poems at a gathering to celebrate 40 years of 'Poems on the Underground' in London, Friday, 30 Jan., 2026. (AP Photo/Kirsty Wigglesworth)
TFL ambassadors display poems at a gathering to celebrate 40 years of 'Poems on the Underground' in London, Friday, 30 Jan., 2026. (AP Photo/Kirsty Wigglesworth) Copyright  Copyright 2026 The Associated Press. All rights reserved
Copyright Copyright 2026 The Associated Press. All rights reserved
By Greta Ruffino with AFP
Published on
Share Comments Add Euronews on Google
Share Close Button

TfL, which had to reset the passwords of around 27,000 employees, estimated the attack cost the organisation around £29 million (€34 million) in damages and a further £10 million (€11.7 million) in lost income.

A UK court on Thursday sentenced two young men to prison over a 2024 cyberattack on London's public transport operator that exposed the personal data of millions of customers in one of Britain's largest data breaches.

ADVERTISEMENT
ADVERTISEMENT

Thalha Jubair, 20, from east London, and Owen Flowers, 18, from England's West Midlands, were each sentenced to five-and-a-half years in prison at Woolwich Crown Court in London.

The pair pleaded guilty last month to hacking Transport for London’s (TfL) network between 31 August and 3 September 2024, gaining access to the names and contact details of around seven million customers.

"Two men have been sentenced for launching a cyber attack on Transport for London which cost tens of millions of pounds in losses and impacted thousands of customers," the City of London Police, wrote on X.

According to Judge Mark Turner, the attack did not disrupt transport services but left parts of TfL's systems offline for three months, costing the organisation around £25 million (€29.3 million).

Turner said the pair's actions had caused "very serious" disruption and were motivated primarily by "selfish bravado".

How did the hackers breach TfL's network?

According to prosecutor Mark Fenhalls, the pair gained access to the transport network using TfL employee credentials found on "russianmarket", a dark web marketplace for stolen logins.

The pair worked for 16 straight hours, communicating via the messaging app Telegram throughout the night, to breach the system after convincing the helpdesk to reset an employee's password.

During the intrusion, the teenagers searched the network for celebrities' travel histories and attempted to access customers' payment information.

After gaining additional privileges over several days, the hackers effectively held "the keys to the kingdom", giving them "control over the whole network", Fenhalls said.

During the intrusion, Flowers told Jubair that "the government deserves to be hacked", the court heard, as TfL and authorities, who discovered the attack on 1 September 2024, took days to regain control of the network.

"Experienced and talented"

Both men were linked to Scattered Spider, a cybercrime group believed to be behind a string of high-profile attacks, including those targeting British retailers Marks & Spencer and the Co-op.

Arrested in September 2025 following a National Crime Agency (NCA) investigation, prosecutors described the pair as "experienced and talented" hackers who had been known to police for years.

Flowers also admitted hacking US-based healthcare providers Sutter Health and SSM Health Care Corporation. The NCA said officers found him carrying out those attacks when they raided his home on 6 September 2024 as part of the TfL investigation.

Jubair had previously been convicted as a juvenile over cyberattacks targeting US chipmaker Nvidia and also admitted hacking the City of London Police.

Go to accessibility shortcuts
Share Comments Add Euronews on Google

Read more

Brussels pitches AI cybersecurity plan amid dependence on US models

Netflix faces backlash over AI-generated Gene Wilder voice for new Willy Wonka series

AI cyber threat is 'months, not years' away, Western intelligence agencies warn