Teen TfL hacker laughed during arrest after £29m cyber attack
Teen TfL hacker laughed during arrest after £29m attack

Owen Flowers, then 17, laughed as police arrested him for a cyber attack on Transport for London (TfL) that caused £29 million in damage and nearly forced the network to shut down, body-worn camera footage shows. Flowers and Thalha Jubair, now aged 20, were each sentenced to five years and six months in prison at Woolwich Crown Court on July 16, 2026, for the intrusion between August 31 and September 3, 2024.

Attack Details and Impact

The pair infiltrated TfL's online network, forcing all 27,000 employees to attend offices in person to reset passwords. The National Crime Agency (NCA) described the damage as “catastrophic,” with TfL nearly having to “pull the plug” on its systems. The hackers worked through the night for 16 hours, tricking the helpdesk into resetting a password and then using TfL’s own Microsoft Azure systems to hack further.

Flowers, from Walsall, West Midlands, was arrested at his home wearing a grey t-shirt and green shorts. In released footage, he chuckles at an arresting officer. Jubair, from Tower Hamlets, was led glum-faced into a police van, wearing a hoodie. Both were arrested by the NCA and City of London Police.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Background and Motivation

The NCA stated Flowers lived with his grandmother and uncle, spending most of his time gaming and on chat forums. No ransom was demanded, suggesting motivation was “kudos within the cybercriminal community.” Both were linked to the Scattered Spider group, which has also targeted Jaguar Land Rover and Marks and Spencer. Jubair lived in a council block in Bow; his mother was a carer and his father a care assistant.

Judge took into account their young ages and neurodivergence but noted Jubair's “history of offending” showed “persistence” and he was “undeterred” by previous investigations. Flowers livestreamed Jubair conducting the hack; some videos were recovered upon his arrest on September 6, 2024. The pair discussed “nuking access” to servers.

Broader Cyber Threat

The NCA described the threat from serious and organised cybercrime to the UK as “very high.” While some UK attackers seek notoriety, most are foreign criminals after financial gain. Data theft remains the most common method due to increased online dependence.

Pickt after-article banner — collaborative shopping lists app with family illustration