Teen Hackers Cost TfL £29M in 'Extremely Serious' Cyberattack
Teen Hackers Cost TfL £29M in Serious Cyberattack

Two teenagers, Thalha Jubair, 20, and Owen Flowers, 18, have been identified as the perpetrators of an 'extremely serious' cyberattack on Transport for London (TfL) that resulted in losses of £29 million. The attack, which took place between August 31 and September 3, 2024, targeted TfL's online network and could have caused 'catastrophic damage', according to authorities.

Attack Details and Impact

The hackers, described as 'experienced and talented' by investigators, compromised TfL's systems, forcing all of the organization's more than 27,000 employees to physically attend an office to reset their passwords. The incident disrupted operations and raised significant security concerns.

According to the National Crime Agency (NCA), the breach had the potential to cause far greater harm, but swift action by TfL's cybersecurity team limited the damage. The £29 million figure includes costs related to system repairs, password resets, and enhanced security measures.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Perpetrators and Legal Proceedings

Thalha Jubair and Owen Flowers were arrested and charged in connection with the attack. The case highlights the growing threat of cybercrime involving young individuals with advanced technical skills. The NCA emphasized that such attacks can have severe consequences, not just financially but also for public safety and trust.

In a statement, a TfL spokesperson said: 'This was an extremely serious incident that could have had catastrophic consequences. We are grateful to the NCA for their swift action in bringing these individuals to justice.' The investigation continues, and further charges may be filed.

Broader Implications for Cybersecurity

The attack on TfL serves as a stark reminder of the vulnerabilities in critical infrastructure. Organizations are urged to strengthen their cybersecurity protocols and invest in employee training to prevent similar breaches. The case also underscores the need for early intervention and education to steer talented young individuals away from cybercrime.

Pickt after-article banner — collaborative shopping lists app with family illustration