Briton charged in US and UK over major cyber attacks

Stay informed with free updates

Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.

A British teenager has been charged by the US Department of Justice and the Crown Prosecution Service in England over global cyber attacks on critical infrastructure, federal court systems and businesses.

Thalha Jubair, 19, from east London, was charged by the DoJ on Thursday with conspiracies to commit computer fraud, wire fraud and money laundering in relation to more than 120 network intrusions and extortion involving 47 US entities.

The CPS also charged Jubair over his alleged role in a cyber attack on Transport for London last year, which cost the organisation millions of pounds in losses.

The teenager, whom the US justice department alleges is linked to the hacker affiliate Scattered Spider — responsible for hacks on UK retailers Marks and Spencers, Co-op and Harrods — is also alleged to have extracted $115mn in ransom payments from victims alongside his associates.

Matthew Galeotti, acting assistant attorney-general of the US justice department’s criminal division, said: “These malicious attacks caused widespread disruption to US businesses and organisations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals.”

As part of the UK investigation, Jubair was arrested on Tuesday alongside another man Owen Flowers, 18, in connection with the TfL attack.

The CPS charged the two with conspiring together to commit unauthorised acts against TfL under the Computer Misuse Act.

Jubair was also charged under the Regulation of Investigatory Powers Act for failing to disclose the pin or passwords for devices seized from him.

Andy Gould, national cyber crime team lead at the City of London Police said: “Today’s charges represent a significant milestone, demonstrating the joint efforts of the [National Crime Agency], the City of London Police, and international partners to ensure the UK remains a hostile environment for those who seek to disrupt organisations through cyber crime.”

The cyber attack on London’s transport authority, in August 2024, resulted in a data breach potentially affecting thousands of customers whose names, contact information and bank details was accessed.

At the time, TfL shut down some areas of operation including traffic cameras across the capital, live travel updates and the company’s website.

Flowers was first arrested on September 6 2024, at which point the UK NCA identified several other potential offences.

He has been charged with conspiring with others to infiltrate and damage the networks of SSM Health Care and attempting to target Sutter Health’s networks.

The charges follow the arrests of four individuals in July also allegedly connected with Scattered Spider.

Additional reporting by Robert Wright