News update
  • More than 500 Rohingya vanished at sea - what happened?     |     
  • EU, G77 Back Bangladesh's Smooth LDC Graduation     |     
  • US hits Iran infrastructure in tit-for-tat strikes     |     
  • Trump to attend World Cup final on Sunday: White House     |     
  • IEA Warns Hormuz Disruption Threatens Energy Security     |     

UK-Bangladeshi Hacker Jailed Over £29m London Cyberattack

GreenWatch Desk: Technology 2026-07-17, 12:25pm

uk6swwqlrnlm3dzjktfylhgjyu_1-b120f7c9222f041ab9b59751c9aff86a1784269585.png

People wait as a tube train arrives at Westminster station in London on January 25, 2016.



Two British hackers, including a Bangladeshi-origin teenager, have been sentenced to five and a half years in prison for carrying out a 2024 cyberattack on Transport for London (TfL) that cost nearly £29 million ($39.16 million) to repair.

Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty last month to hacking TfL systems between August 31 and September 3, 2024, after gaining unauthorised access to the transport authority's network.

The pair reportedly worked up to 16 hours a day during the attack, with Jubair operating from his parents' home in east London and Flowers from his grandmother's house in central England.

Jubair livestreamed the cyberattack, and footage recovered from Flowers' laptop later became key evidence in the investigation.

Prosecutors said the hackers had the ability to completely shut down TfL operations, and the attack was halted only after the organisation disconnected its computer systems. Full recovery took about six months.

Flowers also admitted involvement in attempted attacks on two US healthcare organisations shortly after targeting TfL. Prosecutors said those attacks ended after his arrest.

Authorities said Flowers continued attempting cyber intrusions even while in custody, with investigators finding evidence of searches and attempted access to government and prison-related systems.

Sentencing the pair, Judge Mark Turner said they were mainly motivated by "selfish bravado" rather than financial gain.

The attack had previously been linked to a hacking collective known as Scattered Spider, which has been associated with several high-profile cyber incidents. Prosecutors said the term refers more to a pattern of hacking behaviour than a formal organisation.

Both hackers were teenagers when they targeted TfL but were already considered highly skilled computer users capable of causing significant disruption.

Jubair had previously been convicted for hacking chipmaker Nvidia as part of the Lapsus$ hacking group and for stalking offences, including a false emergency report intended to send armed police to a victim's home.