This is the moment a teenage hacker from Walsall responsible for a multi-million-pound cyber attack was arrested by police. Owen Flowers was just 17 when he was hauled out of the three-bedroom home he shared with his grandmother by officers. Along with London-based accomplice Thalha Jubair, he launched a cyber attack on Transport for London (TfL) from his bedroom in 2024. It cost tens of millions of pounds in losses and inconvenienced thousands of customers.
Arrest and Charges
Flowers, 18, of Broad Lane, Walsall, and Jubair, 20, of Wellington Way, Tower Hamlets, East London, pleaded guilty to conspiracy to commit unauthorised acts in relation to a computer, causing or creating risk of serious damage. Flowers admitted two further charges in connection to hacking of US healthcare systems. When he was arrested at home in September 2024, he was found to be in the process of hacking systems of these two firms. He admitted a conspiracy to commit unauthorised acts in relation to a computer, with intent to impair - in relation to SSM Health Care Corporation - and attempting to commit unauthorised acts in relation to a computer, with intent to impair - regarding Sutter Health.
Sentencing and Impact
Flowers and Jubair were each jailed for five years and six months at Woolwich Crown Court on Thursday, July 16. It is only the second criminal prosecution of its kind in the UK under the Computer Misuse Act (CMA). The cyber attack meant that all 27,000 TfL employees had to attend the office to reset their password. A total of 148 systems became inoperable, including critical ones which required significant manual workarounds and delays.
The NCA said: "While swift action by TfL limited the impact, a number of services relied on by the public were disrupted." These included the Dial-a-Ride booking service, which provides transport to vulnerable Londoners, the provision of concessionary travel cards, the digital payments channel and a delay to the extension of contactless ticketing. Data from TfL’s Oyster refunds system was accessed and TfL’s customer refund system was affected, leaving some customers out of pocket for much longer than usual. It also shut down the application system for Oyster photocards for children and young people.
Investigation and Criminal Group
Flowers and Jubair were identified by the National Crime Agency (NCA) and City of London Police following the infiltration of TfL’s network, which took place between August 31 and September 3, 2024. They were both 'leading members of the online criminal collective known as Scattered Spider'. The NCA said: "Although other cybercriminals may continue to use the damaged Scattered Spider brand, the NCA’s action against Jubair and Flowers effectively halted the group’s criminal activity. Independent assessment supports this, with Microsoft confirming that the arrests materially degraded the group's ability to continue conducting cybercriminal operations."
Financial Consequences
TfL suffered a reported £29 million in loss and recovery costs. Had the attack succeeded in shutting down the transport network, the estimated cost to the UK economy could have been up to £56 billion. Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: "This is the largest cyber crime prosecution ever brought before the UK courts and the culmination of nearly two years of painstaking work by the NCA, CPS and our policing partners. Scattered Spider has been the most significant cybercrime threat to the UK in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice."
Evidence and Aftermath
At Flowers' home, investigators found a number of devices, including laptops, computer towers, hard drives and USB sticks. One laptop contained a screenshot showing network connectivity to TfL infrastructure. The laptop also contained a number of videos Flowers had recorded, showing Jubair accessing TfL systems during the attack - a livestream viewed by just three people. The hackers messaged each other over Telegram during their cyber attack and communicated via an online tool where multiple participants can work remotely in a common workspace, the NCA said.
Security Minister Dame Angela Eagle said: "This shocking case shows the very serious threat that cyber criminals pose to our security and prosperity – a key part of our capital’s infrastructure lost millions of pounds and many ordinary paying customers suffered huge disruption. My thanks go to the National Crime Agency and the City of London Police for their exceptional work in tracking down these criminals and bringing them to justice. This should send a clear message to anyone planning illegal cyber activity that there will be consequences when you are caught. As the threat from cyber attacks increases, this government is bolstering the UK’s defences from cyber crime with new legislation and a National Cyber Action Plan. Let this also be a reminder to all organisations in the UK to protect themselves and build up their cyber resilience."



