
moderate | Anti-Privacy | Data Breach

Executive Summary

Two men pleaded guilty to charges related to a cyberattack on Transport for London that began in August 2024, disrupting services for three months and costing the operator £39 million. The hack affected 10 million customers, compromising personal information from TfL's Oyster refunds system and forcing the shutdown of online services including contactless refunds and photocard applications. Investigators linked the attack to the criminal group Scattered Spider, which has targeted other major ...

What Happened

On August 31, 2024, Transport for London experienced a cyberattack that disrupted online services for three months and resulted in £39 million in costs. Two men, Thalha Jubair (20) and Owen Flowers (18), pleaded guilty in June 2026 to conspiring to commit unauthorized acts under the Computer Misuse Act. Investigators from the National Crime Agency linked the attack to the criminal group Scattered Spider and found evidence including screenshots of TfL system access and videos showing the intrusion on devices seized from the defendants' homes.

Who Is Affected

The breach affected 10 million TfL customers whose personal information from the Oyster refunds system was accessed without authorization. Customers experienced disruption to online services including contactless refunds and photocard applications for children and young people, with some left out of pocket longer than usual due to delayed refund processing. TfL wrote to thousands of customers to notify them about the unauthorized access to their personal information.

Why It Matters

This incident demonstrates the scale and financial impact that cyberattacks can have on critical public infrastructure, with costs reaching £39 million and service disruptions lasting three months. The breach exposed personal data of 10 million users in a major transportation system, and the involvement of Scattered Spider - a group linked to attacks on major corporations like Jaguar Land Rover and Marks and Spencer - highlights the persistent threat organized cybercriminal groups pose to both public and private sector organizations.

What You Should Do

If you are a TfL customer who used services during or after August 2024, monitor your financial accounts and credit reports for suspicious activity, as your personal information from the Oyster refunds system may have been compromised. Contact TfL directly to confirm whether you were affected and what specific data may have been accessed. Consider enabling fraud alerts with credit bureaus and be vigilant about phishing attempts that may reference this breach to appear legitimate.

Summary generated from verified sources and reviewed before publication.
