Two alleged members of the Scattered Spider threat group pled not guilty today to charges related to a cyberattack on Transport for London in August 2024.
Thalha Jubair, 19, of east London, and Owen Flowers, 18, from Walsall in the West Midlands, were arrested in the UK in September. They appeared before Southwark Crown Court today and entered not guilty pleas to charges of conspiring to commit unauthorized acts against computer systems belonging to Transport for London (TfL), according to news reports.
Sky News reported that the two “stood in the dock together and spoke only to confirm their names and enter not guilty pleas.”
The charge states in part that the two are accused of “causing, or creating a significant risk of, serious damage to human welfare and intending to cause such damage or being reckless as to whether such damage was caused.
Flowers is also accused of unauthorized acts against computer systems belonging to SSM Health, and attempting to commit unauthorized acts against computer systems belonging to Sutter Health.
Jubair is also accused of failing to disclose the pin or passwords for devices seized from him in March 2025, and Jubair also faces substantial charges in the U.S.
Both men continue to be held on remand, the BBC reported.
Scattered Spider Trial Date Set
A provisional trial date has been set for June 8, 2026, at Southwark Crown Court, with a pre-trial hearing scheduled for February 13.
The cyberattack allegedly caused £39m of damage and disrupted TfL services for three months. While transport itself was unaffected, many TfL online services and information boards were knocked offline as part of the attack. Traffic cameras and “dial a ride” bookings were some of the affected services, and some payment systems were also affected.
Personal data including names, emails and home addresses were accessed, and TfL was forced to inform thousands of customers that there may have been unauthorized access to personal information that may have included bank account numbers and sort codes.
Jubair Faces U.S. Charges Too
Jubair has also been charged by the U.S. Department of Justice (DoJ) for conspiracies to commit computer fraud, wire fraud, and money laundering in relation to at least 120 computer network intrusions and extortion involving 47 U.S. entities.
The unsealed U.S. complaint alleged that Jubair’s victims paid at least $115 million in ransom payments.
The U.S. claims Jubair could face up to 95 years in prison on the charges.
Scattered Spider recently joined with ShinyHunters and LAPSUS$ to form the Scattered LAPSUS$ Hunters threat collective, which remains active, that
Recent attacks by the group have targeted Salesforce data, including one involving the Gainsight customer success platform this week.
Scattered LAPSUS$ Hunters also claims to have been behind an insider attack at security vendor CrowdStrike, according to Bleeping Computer, although CrowdStrike says its systems and customer data were not affected by the incident.
