Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data.
Believed to be members of the Scattered Spider hacking collective, 19-year-old Thalha Jubair from east London and 18-year-old Owen Flowers from Walsall were arrested at their homes in September 2024 by officers from the UK National Crime Agency (NCA) and the City of London Police.
Flowers was also arrested for his alleged involvement in the TfL attack in September 2024, but was released on bail after being questioned by NCA officers.
According to a Sky News report, Jubair and Flowers have now pleaded not guilty to computer misuse and fraud-related charges at Southwark Crown Court. The charges allege the defendants caused “or creating a significant risk of, serious damage to human welfare and intending to cause such damage or being reckless as to whether such damage was caused.”
TfL disclosed the August 2024 breach on September 2, 2024, stating that it had found no evidence that customer data was compromised. While this attack did not affect London’s transportation services, it disrupted online services and internal systems, as well as the public transportation agency’s ability to process refunds.
In a subsequent update, TfL revealed that customer data, including names, addresses, and contact details, was actually compromised during the incident. TfL provides transportation services to more than 8.4 million Londoners through its surface, underground, and Crossrail systems, which are jointly managed with the UK’s Department for Transport.
Flowers is also facing charges involving conspiring to attack the networks of SSM Health Care Corporation and Sutter Health in the United States, while Jubair is separately charged with failing to disclose passwords seized from him in March 2025.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure,” said Paul Foster, the head of the NCA’s National Cyber Crime Unit, in September. “Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
In September, the U.S. Department of Justice also charged Jubair with conspiracy to commit computer fraud, money laundering, and wire fraud. These charges relate to at least 120 incidents of network breaches between May 2022 and September 2025, affecting at least 47 U.S. organizations and including extortion attempts worldwide and attacks on critical infrastructure entities and U.S. courts.
According to court documents, victims have paid Jubair and his accomplices over $115 million in ransom payments.
In July, the NCA arrested four other suspected members of the Scattered Spider cybercrime collective, believed to be linked to cyberattacks against major retailers in the country, including Marks & Spencer, Harrods, and Co-op.
It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.