Two youngsters, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the UK.
Believed to be members of the infamous Scattered Spider hacking collective, 18-year-old Owen Flowers from Walsall and 19-year-old Thalha Jubair from East London are scheduled to seem at Westminster Magistrates Courtroom right now.
Flowers was beforehand arrested for his alleged involvement within the TfL assault in September 2024, however was launched on bail after being questioned by officers of the UK Nationwide Crime Company.
Since then, NCA investigators have discovered further proof probably linking Flowers to assaults in opposition to U.S. healthcare corporations.
The 2 suspects are being prosecuted for laptop misuse and fraud-related expenses linked to an investigation into the breach of London’s public transportation company. Moreover, Flowers faces expenses for conspiring to assault the networks of SSM Well being Care Company and Sutter Well being in the US.
“This assault prompted important disruption and thousands and thousands in losses to TfL, a part of the UK’s vital nationwide infrastructure,” mentioned Deputy Director Paul Foster, the pinnacle of the NCA’s Nationwide Cyber Crime Unit.
“Earlier this 12 months, the NCA warned of a rise within the risk from cyber criminals primarily based within the UK and different English-speaking international locations, of which Scattered Spider is a transparent instance.”
The U.S. Division of Justice additionally charged Thalha Jubair right now with conspiracies to commit laptop fraud, cash laundering, and wire fraud, in relation to not less than 120 community breaches and extortion assaults worldwide between Could 2022 and September 2025, which affected not less than 47 U.S. organizations.
The criticism, filed within the District of New Jersey and unsealed right now, alleges that victims have paid Jubair and his accomplices not less than $115,000,000 in ransom funds.
The Transport for London cyberattack
TfL disclosed the August 2024 cyberattack on September 2, 2024, stating that it had not discovered proof that any buyer information was compromised within the breach.
Whereas the assault didn’t have an effect on London’s transportation providers, it did disrupt inside programs and on-line providers, in addition to TfL’s means to course of refunds. In a subsequent replace, TfL revealed that buyer information, together with names, contact particulars, and addresses, had really been compromised throughout the incident.
TfL supplies transportation providers to over 8.4 million Londoners by means of its floor, underground, and Crossrail transport programs, collectively managed with the UK’s Division for Transport.
In Could 2023, TfL was the sufferer of one other safety breach after the Clop ransomware gang stole information belonging to over 13,000 prospects from one among its suppliers’ MOVEit Managed File Switch (MFT) servers.
The NCA arrested 4 different suspected members of the Scattered Spider cybercrime collective in July, believed to be concerned in cyberattacks concentrating on main retailers within the nation, together with Marks & Spencer, Harrods, and Co-op.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
