Scattered Spider: Two Teens Face Trial Over £39M London Transit Cyberattack

Two British teenagers are set to stand trial over last year’s cyberattack on London’s transport system — an incident investigators have linked to the hacking collective Scattered Spider, with Transport for London (TfL) estimating losses in the tens of millions of pounds. At a preliminary hearing, the defendants confirmed their identities; subsequent sessions have been scheduled, and the case is now moving toward a full trial.

According to the prosecution, 19-year-old Talha Jubair of East London and 18-year-old Owen Flowers of Walsall acted in concert, violating provisions of the UK’s Computer Misuse Act. Their case has been brought before Southwark Crown Court, where the judge has set an interim hearing for November 21 and the start of the main proceedings for June 8, 2026. The charges followed arrests made on September 16, with formal indictments filed two days later.

The attack, which began on August 31 of last year, disrupted TfL’s services for nearly three months. It affected the display of live information across the Underground network, access to travel histories in user accounts, and payment processing in the Oyster app. As a result, the organization estimated total losses — including direct expenses and downtime-related damages — at £39 million (approximately $51.8 million). Around 5,000 customers were subsequently notified of possible unauthorized access to their personal data, including bank account details, email addresses, and home addresses.

Investigators believe that members of the Scattered Spider cybercrime group were behind the breach. While the teenagers’ guilt has not been established, they currently face charges of conspiracy to commit unauthorized acts with computer systems. A series of procedural hearings lies ahead, during which the prosecution must substantiate the defendants’ alleged connection to the attack and demonstrate how the perpetrators disrupted TfL’s infrastructure, while the defense seeks to refute those claims.

Meanwhile, Transport for London continues restoration efforts and has tightened access controls to critical systems, emphasizing enhanced transaction monitoring and the protection of personal data. Until the trial begins, the organization plans to cooperate closely with investigators and keep affected customers informed, while law enforcement agencies work to consolidate technical evidence explaining the scale and duration of the intrusion.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy