SSM Healthcare Corporation: Two men plead guilty over £39m TfL cyber attack

SSM Healthcare Corporation: Two men plead guilty over £39m TfL cyber attack

Two Men Plead Guilty in £39m TfL Cyber Attack Disrupting Millions

Two UK men, Thalha Jubair (20) and Owen Flowers (18), pleaded guilty to charges related to a major cyber attack on Transport for London (TfL) that caused three months of disruption and financial losses exceeding £39 million. The attack, carried out in summer 2024, was linked to the cybercriminal group Scattered Spider and targeted TfL’s Oyster refund system, customer refund portal, and the application system for child and youth Oyster photocards.

The breach, which began on 31 August 2024, left 10 million customers affected, with some unable to access refunds for extended periods. Digital signage and online services were also disrupted, forcing TfL to notify thousands of customers about unauthorized access to personal data. Investigators from the National Crime Agency (NCA) and City of London Police seized laptops, hard drives, and USB devices from the suspects’ homes, uncovering evidence including screenshots and videos of their unauthorized access to TfL’s systems.

Both men were arrested on 16 September 2024 and admitted to conspiring to commit unauthorized acts under the Computer Misuse Act. Flowers also pleaded guilty to attempting to hack U.S.-based healthcare systems, including Sutter Health and SSM Healthcare Corporation. Authorities noted that the pair used Telegram and an online collaborative workspace to coordinate their activities, with Flowers accessing tools selling breached credentials.

The NCA described the investigation as "lengthy, highly complex, and painstaking," while TfL’s Transport Commissioner, Andy Lord, acknowledged the real-world impact of the attack. The men will be sentenced on 15 July 2025. The case underscores the growing threat of cybercrime to critical national infrastructure, with law enforcement emphasizing its tangible consequences for public services.

Source: https://www.bbc.com/news/articles/czx5yp9qy0do

Security-Assessment.com cybersecurity rating report: https://www.rankiteo.com/company/security-assessment.com

"id": "SEC1782152684",
"linkid": "security-assessment.com",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'customers_affected': '10 million',
                        'industry': 'Transportation',
                        'location': 'London, UK',
                        'name': 'Transport for London (TfL)',
                        'size': 'Large',
                        'type': 'Public transport authority'}],
 'attack_vector': 'Unauthorized access via breached credentials',
 'customer_advisories': 'Notifications about unauthorized access to personal '
                        'data',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personal data'},
 'date_detected': '2024-08-31',
 'description': 'Two UK men, Thalha Jubair (20) and Owen Flowers (18), pleaded '
                'guilty to charges related to a major cyber attack on '
                'Transport for London (TfL) that caused three months of '
                'disruption and financial losses exceeding £39 million. The '
                'attack targeted TfL’s Oyster refund system, customer refund '
                'portal, and the application system for child and youth Oyster '
                'photocards, affecting 10 million customers.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': 'Personal data of customers',
            'downtime': '3 months',
            'financial_loss': '£39 million',
            'identity_theft_risk': 'High',
            'operational_impact': 'Disruption to refund services and online '
                                  'systems',
            'systems_affected': ['Oyster refund system',
                                 'Customer refund portal',
                                 'Child and youth Oyster photocard application '
                                 'system',
                                 'Digital signage',
                                 'Online services']},
 'initial_access_broker': {'entry_point': 'Breached credentials'},
 'investigation_status': 'Completed (guilty pleas)',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Unauthorized access via breached '
                                           'credentials'},
 'references': [{'source': 'National Crime Agency (NCA) and City of London '
                           'Police'}],
 'regulatory_compliance': {'legal_actions': 'Criminal charges',
                           'regulations_violated': ['Computer Misuse Act']},
 'response': {'communication_strategy': 'Customer notifications about '
                                        'unauthorized access to personal data',
              'law_enforcement_notified': True},
 'threat_actor': 'Scattered Spider',
 'title': 'Two Men Plead Guilty in £39m TfL Cyber Attack Disrupting Millions',
 'type': 'Cyber Attack'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.