Two British teenagers, aged 18 and 19, entered not‐guilty pleas at London’s Southwark Crown Court in connection with a cyberattack on Transport for London (TfL) last year. The accused, Owen Flowers (18) from the West Midlands and Thalha Jubair (19) from East London, face charges under the Computer Misuse Act for conspiring to commit unauthorised acts against TfL’s computer systems. Prosecutors allege the attack occurred in August 2024 and targeted the organisation’s digital infrastructure, including systems supporting London’s tube and bus networks. TfL previously reported that the incident resulted in personal data access and financial losses.
Flowers is also charged with further offences relating to attempts to breach computer systems belonging to two U.S. healthcare firms: Sutter Health (California) and SSM Health Care Corporation (Missouri). He denied all allegations. Jebair likewise denied the charges when appearing at court on Friday. The trial is scheduled to begin in June 2026, with a preliminary hearing set for next February.
Investigators say the attack was sophisticated and part of a trend linking UK‐based young hackers to wider criminal networks. The authorities named the group Scattered Spider in earlier reporting as the suspected operator of multiple intrusion campaigns. The National Crime Agency (NCA) described the investigation as lengthy and complex, spanning months of forensic work and cross‐border cooperation.
TfL stated that although its transport service operations were not directly disrupted, customer and staff data were accessed. It has estimated losses of tens of millions of pounds and said it incurred significant costs from investigation, remediation and legal work. The exposure of ride‐history or contact data can raise privacy risks and may lead to phishing or identity theft attempts if the information is misused.
Legal analysts say the charges mark one of the more prominent instances of youth involvement in a high‐impact intrusion affecting national infrastructure. They noted the case might test how UK cybercrime laws apply to minors and to attacks involving complex criminal networks. Recovery of losses and accountability will depend on how the case progresses through trial and whether evidence proves the accused acted as part of the broader campaign.
For everyday users of services like TfL, the case serves as a reminder of the perils of digital systems when targeted by organised cybercrime. Transport systems rely on interconnected networks and third‐party vendors, which can offer pathways for intrusion. Security specialists stress that organisations should strengthen system segmentation, monitor abnormal login behaviour and alert users promptly when data may have been exposed.
Given the ongoing nature of the case, TfL and its partners continue to urge vigilance among customers. Passengers who receive unsolicited communications referencing journeys or contact details should treat them with suspicion. The outcome of the court proceedings will be closely watched by cybercrime experts, transport industry stakeholders and regulatory bodies interested in how disruptive digital attacks can reach critical public services.