Two youngsters, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the UK.
Believed to be members of the infamous Scattered Spider hacking collective, 18-year-old Owen Flowers from Walsall and 19-year-old Thalha Jubair from East London are scheduled to seem at Westminster Magistrates Courtroom at this time.
Flowers was beforehand arrested for his alleged involvement within the TfL assault in September 2024, however was launched on bail after being questioned by officers of the UK Nationwide Crime Company.
Since then, NCA investigators have discovered further proof doubtlessly linking Flowers to assaults towards U.S. healthcare corporations.
The 2 suspects are being prosecuted for pc misuse and fraud-related prices linked to an investigation into the breach of London’s public transportation company. Moreover, Flowers faces prices for conspiring to assault the networks of SSM Well being Care Company and Sutter Well being in the US.
“This assault brought about vital disruption and thousands and thousands in losses to TfL, a part of the UK’s essential nationwide infrastructure,” stated Deputy Director Paul Foster, the pinnacle of the NCA’s Nationwide Cyber Crime Unit.
“Earlier this 12 months, the NCA warned of a rise within the risk from cyber criminals primarily based within the UK and different English-speaking nations, of which Scattered Spider is a transparent instance.”
The U.S. Division of Justice additionally charged Thalha Jubair at this time with conspiracies to commit pc fraud, cash laundering, and wire fraud, in relation to at the least 120 community breaches and extortion assaults worldwide between Might 2022 and September 2025, which affected at the least 47 U.S. organizations.
The grievance, filed within the District of New Jersey and unsealed at this time, alleges that victims have paid Jubair and his accomplices at the least $115,000,000 in ransom funds.
The Transport for London cyberattack
TfL disclosed the August 2024 cyberattack on September 2, 2024, stating that it had not discovered proof that any buyer information was compromised within the breach.
Whereas the assault didn’t have an effect on London’s transportation companies, it did disrupt inner programs and on-line companies, in addition to TfL’s capability to course of refunds. In a subsequent replace, TfL revealed that buyer information, together with names, contact particulars, and addresses, had truly been compromised in the course of the incident.
TfL offers transportation companies to over 8.4 million Londoners by means of its floor, underground, and Crossrail transport programs, collectively managed with the UK’s Division for Transport.
In Might 2023, TfL was the sufferer of one other safety breach after the Clop ransomware gang stole information belonging to over 13,000 clients from one in every of its suppliers’ MOVEit Managed File Switch (MFT) servers.
The NCA arrested 4 different suspected members of the Scattered Spider cybercrime collective in July, believed to be concerned in cyberattacks focusing on main retailers within the nation, together with Marks & Spencer, Harrods, and Co-op.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
