London, November 23, 2025
Two British teenagers have pleaded not guilty to charges related to the August 2024 cyberattack on Transport for London (TfL), which caused significant disruption and data breaches affecting millions. The defendants appeared in Southwark Crown Court amid ongoing investigations into this major cybercrime incident attributed to the Scattered Spider group.
Two individuals, 19-year-old Thalha Jubair and 18-year-old Owen Flowers, were formally charged in connection with the cyberattack that targeted TfL’s critical digital infrastructure in August 2024. Both entered not guilty pleas during their hearing at Southwark Crown Court and remain in custody as proceedings continue.
The attack severely impacted TfL’s operations for three months, causing estimated losses of £39 million. Critical services such as online ticketing, real-time information boards, traffic cameras, and “dial a ride” bookings were disrupted. Moreover, the breach exposed personal data, including names, emails, home addresses, and potentially bank details, heightening concerns over privacy and security for affected users.
Flowers is also alleged to have conducted unauthorized cyber activities against U.S.-based health organizations SSM Health and Sutter Health, targeting their computer systems. Jubair faces additional charges in the United States and is accused of not disclosing passwords for devices seized during a March 2025 search.
Broader Context of the Cyberattack and Investigation
The cyberattack has been linked to Scattered Spider, a cybercriminal group known for their sophisticated intrusions into critical infrastructure. The investigation has involved collaboration between the UK’s National Crime Agency (NCA), City of London Police, and international law enforcement partners, including the FBI. In total, four suspects—three teenagers and one woman—have been arrested in connection with the incident.
This case exemplifies the rising threat posed by young, technologically skilled individuals engaging in cybercrime. It also exposes vulnerabilities within public sector digital systems, prompting urgent calls for enhanced cybersecurity measures to prevent future attacks against essential services.
Significance and Legal Implications
The charges mark one of the most substantial cyberattacks on UK critical infrastructure in recent years. The outcome of this case is expected to set important legal precedents for how the UK prosecutes cybercrime, especially as it involves minors and transnational elements.
The ongoing trial, with a provisional start date of June 8, 2026, and a pre-trial hearing scheduled for February 13, 2026, underscores the complexity and severity of cybercrime investigations. The case also spotlights the challenges law enforcement and policymakers face in adapting legal frameworks and defensive strategies to counter increasingly sophisticated cyber threats.
As the world becomes more digitally interconnected, the TfL cyberattack serves as a stark reminder of the urgent need for resilient cybersecurity infrastructure and international cooperation to safeguard vital public services.