Overview
- The two defendants, Thalha Jubair and Owen Flowers, changed their pleas to guilty at Woolwich Crown Court on Monday and will be sentenced in mid‑July.
- The intrusion occurred during August–September 2024 and investigators say it accessed TfL’s Oyster refund system, closed the Oyster photocard application service and forced 28,000 staff to reset passwords in person.
- Authorities report losses and recovery costs in the tens of millions of pounds, with coverage citing figures of about £29 million to £39 million depending on what was counted.
- Forensics seized laptops, hard drives and USB devices that contained screenshots, videos and messages showing access to TfL systems and communications between the pair on Telegram and a shared online workspace.
- Investigators linked the defendants to the Scattered Spider collective and said Flowers also admitted attempts against US healthcare providers SSM Health and Sutter Health, a development law enforcement says highlights the cross‑border reach of modern cybercrime and the need for early cooperation between victims and agencies.