Two teenagers, aged 19 and 18, have been charged in connection with a major cyberattack on Transport for London (TfL), which led to financial losses exceeding Ksh52 billion. The attack, attributed to the cybercriminal group known as Scattered Spider, targeted TfL in August 2024, resulting in the compromise of sensitive customer data, including names and contact information. Despite the intrusion, the cyberattack did not cause any major disruptions to transport operations but forced TfL to shut down some critical functions, such as traffic cameras and dial-a-ride bookings, and left the system unable to process some payments.
The individuals involved, Thalha Jubair, from East London, and Owen Flowers, from Walsall in the West Midlands, were arrested during an operation by the National Crime Agency (NCA) and City of London Police. The teenagers have been charged with conspiring together to commit unauthorized acts against TfL under the Computer Misuse Act. Additionally, Jubair faces extra charges for failing to disclose the pin or passwords for devices seized during the investigation.
The attack on TfL is considered a significant breach, with the National Crime Agency confirming the damage caused by the intrusion as substantial. The NCA’s Cyber Crime Unit head, Paul Foster, called the charges a “key step” in the ongoing investigation, emphasizing that the attack caused millions in losses to TfL, part of the UK’s critical national infrastructure.
The investigation, which has gained international attention, has seen collaboration between UK authorities and international law enforcement agencies, including the FBI. The Scattered Spider group, known for its aggressive cyberattacks, has also been linked to several major incidents, including attacks on retailers such as M&S, Co-op, and Harrods. These attacks have resulted in significant financial losses, with M&S alone estimated to have incurred losses of up to £300 million.
The NCA’s efforts to combat cybercrime have been bolstered by support from regional crime units and the British Transport Police. The rapid response by TfL to report the cyberattack and their cooperation with the NCA has been praised, as it played a vital role in the investigation and the eventual arrests.
This case highlights the growing threat posed by cybercriminal groups operating within the UK and across English-speaking countries, underlining the urgent need for robust cybersecurity measures to protect critical infrastructure and sensitive data.
