Your privacy choices

We use analytics to improve Pollar and, with your consent, marketing tools (Meta, X) to measure our ads. You can change this anytime in Settings.

Privacy policy
Pollar
HomeAskLiveSearchMapMarketsNotificationsFor You
BriefThreadsMarkets
Privacy

Today’s Brief

Nine ships and one algorithm

Trump tightens Iran blockade as Europe reins in Google and Ukraine reshuffles under fire

The day split between hard power and rule-making. Washington pressed Iran at sea, Kyiv fought both Russian missiles and its own cabinet feud, while Brussels reached into Google's phone software. France, meanwhile, voted to let some patients choose the manner of their death.

Read the Brief
Reader-supported

Free to read, and staying that way

No ads. Membership keeps Pollar independent.

Support Pollar
Membership

Members don't see this panel.

  • Supporter$29.99/yr
  • Founder$69.99/yr
Support Pollar

Live now

All live coverage
  • US-Iran military escalation

    Escalated US airstrikes continue for a sixth night, targeting strategic sites, port cities, and locations across the Strait of Hormuz, according to regional reports.

In the spotlight

All threads

World · Updated 14m ago

The war in Ukraine and its limits

The dismissal of Ukraine's Defense Minister Fedorov, a proponent of drone warfare, signals a potential shift in Ukraine's military strategy and has prompted domestic protests and international concern.

HomeBriefThreadsAsk
Categories
AI-generated·Learn how
© TechCrunch
Digital·1h ago

UK hackers jailed for London transport cyberattack that cost £29 million

Thalha Jubair, 20, and Owen Flowers, 18, were sentenced to five and a half years each for the August-September 2024 hack that forced Transport for London to pull the plug on its systems and exposed millions of commuters' data.

The attack

Between 31 August and 3 September 2024, Jubair and Flowers breached TfL's systems after an accomplice called the help desk impersonating an employee to reset login credentials. They escalated privileges to create a domain admin account, described in court as "the keys to the kingdom". The pair searched customer databases for celebrities, compromised refund systems, and shut down the Oyster photocard application portal for young people. TfL was forced to disconnect its systems to stop the intrusion.

The attack was the worst incident I have faced in my career.

— Andy Lord
Timeline of the TfL cyberattack and sentencing
  1. Aug 31, 2024Hackers gain initial access to TfL systems via help desk social engineering.
  2. Sep 3, 2024TfL disconnects systems to stop the attack after four days.
  3. June 2026Jubair and Flowers plead guilty to hacking TfL.
  4. Jul 16, 2026Both sentenced to five and a half years in prison.

Fallout and costs

The direct financial loss reached £29 million, though some reports put the total at £39 million. All 28,000 TfL staff had to reset passwords in person. The Dial-a-Ride service for disabled passengers was unable to process bookings for weeks, and real-time arrival apps such as TfL Go and Citymapper went offline. Data belonging to millions of commuters was stolen. Prosecutors said the hackers could have caused "catastrophic damage" and, if systems had not been disconnected, potential indirect losses could have reached £56 billion.

Support independent Pollar

Supporter and Founder memberships keep every article free to read, and add offline reading, audio, and a sponsor-free brief.

See membership tiers

The hackers

Jubair, 20, from Tower Hamlets, had 22 previous convictions, including stalking and hacks of BT/EE, Nvidia, and City of London Police. He was also charged in the United States with conspiracies to commit computer fraud, wire fraud, and money laundering, accused of extracting $115 million in ransom payments. Flowers, 18, from Walsall, was arrested while hacking two US healthcare providers, SSM Health and Sutter Health, just days after the TfL attack. Both lived with family, communicated via Telegram, and Flowers livestreamed the attack. Jubair was identified partly because he ordered a takeaway to his home using vouchers bought with cryptocurrency linked to a server storing ransom payments.

Scattered Spider disruption

The pair were central members of Scattered Spider, a loose collective of English-speaking hackers linked to attacks on MGM, Marks & Spencer, Harrods, and others. Paul Foster, head of the NCA's National Cyber Crime Unit, said the convictions had "severely degraded" the group's ability to operate.

Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice.

— Paul Foster

Sentencing

At Woolwich Crown Court on 16 July 2026, Judge Mark Turner sentenced both to five and a half years in prison. He acknowledged their youth but said the crime's seriousness demanded custody, noting they were "primarily motivated by selfish bravado, heedless of the severe consequences for others".

London · Walsall · Tower Hamlets
Thalha JubairOwen FlowersPaul FosterMark TurnerAndy Lord
LondonUnited States

8 sources

  • UK hackers jailed for London transport cyberattack which cost nearly $40 million
    Reuters·11h ago
  • Cel mai mare atac cibernetic din Marea Britanie. Cum au fost prinși doi hackeri din cauza unei comenzi de mâncare
    Ziare.com·1h ago
  • UK cops say arrest of two young hackers disrupted the operations of an infamous hacking group
    TechCrunch·7h ago
  • TfL hackers 'central' to Scattered Spider group, says NCA
    Financial Times News·7h ago
  • W. Brytania: Dwóch hakerów skazanych za cyberatak na londyński transport publiczny
    wnp.pl·10h ago
  • Hackers behind £39m Transport for London cyber attack jailed
    The Independent·11h ago
  • 'Keys to the kingdom': hackers who gained access to heart of London transport network jailed
    The Guardian·11h ago
  • Teenagers behind £39m TfL cyber-attack jailed
    The Telegraph·11h ago

Get Pollar Weekly

The week in news, every Friday. Free.

Free. No ads. Unsubscribe anytime.

More from Society & Science
Safety·2h ago
© Aktuálně.cz - Víte, co se právě děje

Blue Angels jet flies dangerously low over Pensacola Beach, triggering Navy and FAA safety investigation

A US Navy Blue Angels jet flew unusually low over a crowded Florida beach during an air show rehearsal, toppling chairs and umbrellas and prompting a safety investigation by the Navy and the FAA.

Read article
Climate·3h ago
© The New York Times

Texas flash floods kill one, revive trauma of last year's disaster that killed 139

Torrential rains swelled the Guadalupe River, forcing evacuations and rescues across Kerr, Uvalde and Kendall counties. Governor Greg Abbott confirmed a fatality and warned of record-breaking rainfall.

Read article
Safety·6h ago
© Ouest France

Tim Merlier sprints to third Tour de France stage win as mass crash mars finale in Chalon-sur-Saône

Belgian Tim Merlier outsprinted Olav Kooij and Jasper Philipsen in Chalon-sur-Saône on Thursday, but a heavy crash involving Fernando Gaviria brought down dozens of riders inside the final 500 metres.

Read article