Two hackers forced TfL to 'pull the plug' after 16-hour cyberattack costing £29m
Two hackers forced TfL to “pull the plug” after a 16-hour cyberattack that nearly shut down London’s transport network, a court heard. Thalha Jubair (20) and Owen Flowers (18) admitted their roles after conducting an “extremely serious hack” on TfL’s online network between August 31 and September 3, 2024. Prosecutors said the incident led to TfL spending £29 million due to disruption and operational work, and TfL claimed an additional £10 million in lost income. The attack also affected more than 27,000 employees, who were required to attend an office to reset passwords. The court heard that the hackers used Microsoft Azure and moved through TfL systems after tricking the helpdesk into resetting a password for them. Oyster refund data was accessed, contactless systems were delayed, and applications for child and youth Oyster photo cards were closed. The defendants were linked to Scattered Spider, which the NCA has associated with other cyberattacks.





