SSM Health Care Corporation: Two Britons plead guilty to £39m 2024 cyber-attack on Transport for London

SSM Health Care Corporation: Two Britons plead guilty to £39m 2024 cyber-attack on Transport for London

Scattered Spider Hackers Plead Guilty to £39m TfL Cyberattack Affecting 10 Million

Two members of the notorious hacking group Scattered Spider Thalha Jubair (20) and Owen Flowers (18) pleaded guilty to a 2024 cyberattack on Transport for London (TfL) that disrupted services, compromised customer data, and incurred £39 million in damages. The attack, carried out between 29 August and 3 September 2024, targeted TfL’s digital infrastructure, disabling live tube arrival updates on the TfL Go app and website, halting Oyster and contactless payment processing, and preventing new Oyster photocards from being issued.

The breach exposed the personal data of 10 million TfL customers, prompting the agency to notify 7 million users via email. The National Crime Agency (NCA) confirmed the pair accessed TfL’s refunds system, delaying reimbursements and leaving some customers financially impacted.

Both defendants admitted conspiring to commit unauthorised acts against computer systems under the Computer Misuse Act at Woolwich Crown Court on 1 July 2024. Flowers also pleaded guilty to hacking two US healthcare providers SSM Health Care Corporation and Sutter Health on 6 September 2024. Jubair faces additional charges in the US, where he is accused of participating in attacks on 47 organisations, allegedly extorting over $100 million in ransom payments.

The NCA described the duo as part of a growing trend of homegrown, English-speaking cybercriminals, a shift from the historically dominant Russian-speaking hacking groups. Investigators recovered laptops, hard drives, and USB sticks from Flowers’ home, including screenshots of TfL network access and videos of Jubair breaching systems. The pair communicated via Telegram and a remote collaboration tool during the attack.

Financial records revealed $10 million moved from Jubair’s crypto wallets after his release from custody in March 2023, with $200 million in crypto transactions linked to his accounts. Flowers, despite having no legitimate income, held $7.1 million in assets, including cryptocurrency.

Both defendants have autism diagnoses, while Jubair also suffers from depression and a severe mood disorder. He was previously convicted of 22 offences, including fraud, blackmail, and hacking BT, EE, and Nvidia at age 17, and was under a youth rehabilitation order at the time of the TfL attack. Authorities also discovered an undeclared Bangladeshi passport hidden in his home.

Sentencing for Jubair and Flowers is scheduled for 15 July 2024, with both remanded in custody. The case underscores the real-world consequences of cybercrime, as highlighted by the NCA, which noted the attack’s widespread disruption to London’s transport network.

Source: https://www.theguardian.com/technology/2026/jun/22/two-britons-plead-guilty-to-39m-2024-cyber-attack-on-transport-for-london

SSM Health Care Corporation TPRM report: https://www.rankiteo.com/company/security-assessment.com

"id": "sec1782225545",
"linkid": "security-assessment.com",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'customers_affected': '10 million',
                        'industry': 'Transportation',
                        'location': 'London, UK',
                        'name': 'Transport for London (TfL)',
                        'size': 'Large',
                        'type': 'Public Transport Agency'},
                       {'industry': 'Healthcare',
                        'location': 'US',
                        'name': 'SSM Health Care Corporation',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare',
                        'location': 'US',
                        'name': 'Sutter Health',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorised access to computer systems',
 'customer_advisories': 'Email notifications sent to 7 million users',
 'data_breach': {'number_of_records_exposed': '10 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information)',
                 'type_of_data_compromised': 'Personal data'},
 'date_detected': '2024-08-29',
 'date_resolved': '2024-09-03',
 'description': 'Two members of the hacking group Scattered Spider, Thalha '
                'Jubair (20) and Owen Flowers (18), pleaded guilty to a 2024 '
                'cyberattack on Transport for London (TfL) that disrupted '
                'services, compromised customer data, and incurred £39 million '
                'in damages. The attack targeted TfL’s digital infrastructure, '
                'disabling live tube arrival updates, halting Oyster and '
                'contactless payment processing, and preventing new Oyster '
                'photocards from being issued. The breach exposed the personal '
                'data of 10 million TfL customers.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': 'Personal data of 10 million customers',
            'downtime': '5 days (29 August - 3 September 2024)',
            'financial_loss': '£39 million',
            'identity_theft_risk': 'High',
            'operational_impact': 'Disruption to London’s transport network, '
                                  'delayed refunds, halted payment processing',
            'payment_information_risk': 'High',
            'systems_affected': ['TfL Go app',
                                 'TfL website',
                                 'Oyster and contactless payment processing',
                                 'Oyster photocard issuance',
                                 'Refunds system']},
 'investigation_status': 'Closed (guilty pleas entered)',
 'lessons_learned': 'The case underscores the real-world consequences of '
                    'cybercrime and the rise of homegrown, English-speaking '
                    'cybercriminals.',
 'motivation': ['Financial Gain', 'Extortion'],
 'post_incident_analysis': {'root_causes': 'Unauthorised access to TfL’s '
                                           'systems, likely due to '
                                           'vulnerabilities in digital '
                                           'infrastructure'},
 'references': [{'source': 'National Crime Agency (NCA)'},
                {'source': 'Woolwich Crown Court'}],
 'regulatory_compliance': {'legal_actions': 'Guilty plea to conspiring to '
                                            'commit unauthorised acts against '
                                            'computer systems',
                           'regulations_violated': ['Computer Misuse Act']},
 'response': {'communication_strategy': 'Email notifications to 7 million '
                                        'users',
              'law_enforcement_notified': 'National Crime Agency (NCA)'},
 'threat_actor': 'Scattered Spider',
 'title': 'Scattered Spider Hackers Plead Guilty to £39m TfL Cyberattack '
          'Affecting 10 Million',
 'type': ['Data Breach', 'Service Disruption']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.