
Two Hackers Sentenced to Prison for Attack on London Transit System
Young hackers who disrupted London's transport network receive jail time. The case shows that cybercrimes have real consequences.
Source
The Hacker News
Original headline: Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Plain-English summary by GetCyberRight. Read the full report at the source above.
Two young hackers, Owen Flowers (age 18) and Thalha Jubair (age 20), were each sentenced to five and a half years in prison on July 16, 2026, for their role in a 2024 cyberattack on Transport for London (TfL). The attack left 148 computer systems inoperable and forced all 27,000 TfL employees to visit offices in person to reset their passwords. The court convicted them at Woolwich Crown Court, and both the NCA and CPS documented the extensive damage and recovery costs to the transport authority.
This attack affected London's public transportation system, which millions of people rely on daily.
While the article doesn't specify whether customer data was compromised, the disruption to systems could have affected payment processing, journey planning, and other services that riders depend on. Anyone who uses Transport for London services like the Tube, buses, or trains was potentially impacted by service disruptions during and after the attack.
If you use Transport for London services, here's what you should do:
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
If you have an online account with TfL for Oyster cards or contactless payment, change your password if you haven't done so since
Review your payment card statements for any unauthorized charges related to transit payments.
Enable two-factor authentication on your TfL account if this option is available. This case is important because it demonstrates that young people who commit cybercrimes face serious legal consequences. Both attackers were teenagers or in their early twenties when prosecuted. It's a reminder for parents to talk with children and teens about the serious legal and personal consequences of hacking, even if it seems like a game or challenge online. Cybercrimes are real crimes with real victims and real prison sentences.
Curated from trusted cybersecurity sources by GetCyberRight
Source: The Hacker NewsStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
Fairlife Dairy Attack Shows Why Critical Systems Need Better Protection
A ransomware attack halted all Fairlife dairy production. The real problem: critical production systems were connected to business networks they should never touch.
3 min readRansomware Attack Shuts Down Major US Dairy Producer Fairlife
A ransomware attack on Coca-Cola's Fairlife dairy stopped all US production, showing how cyberattacks now halt real-world operations, not just lock files.
3 min readFairlife Ransomware Attack Shows How Hackers Can Disrupt Your Groceries
A cyberattack on Coca-Cola's Fairlife dairy company halted all U.S. production, revealing how ransomware now threatens the everyday products families depend on.
4 min readWhy Encryption Won't Stop Ransomware: The Fairlife Attack Explained
Coca-Cola's Fairlife ransomware attack reveals a dangerous myth: encryption alone won't protect you if attackers have valid login credentials.
3 min read