Two teenagers in 2024 hacked into the Transport for London system and ended up compromising the data of 10 million TfL customers. The duo has been sentenced to five years and six months of prison time for their crimes. Owen Flowers and Thalha Jubair pleaded guilty to their crimes committed in 2024.

The cyberattack, carried out by the duo between August 31 and September 3, 2024, disrupted Transport for London (TfL) services for months and forced approximately 27,000 employees to reset their passwords.

The perpetrators livestreamed the breach over sixteen hours, causing an estimated $33 million in damages alongside severe operational disruptions. Due to legal protections for minors, one of the attackers, who was under eighteen at the time of reporting, cannot be publicly named.

According to the National Crime Agency, young hackers have been one of the leading issues that have plagued the cybersecurity of the UK. The teens, at the time of the attack and shortly after, were discovered to have exchanged messages on Telegram, where they also revealed that they tried to look up personal information of celebrities and access the bank accounts of customers as well.

The duo was part of a loosely connected underground group of English-speaking hackers called the Scattered Spider. Perpetrators linked ot the group have been arrested in the UK, Spain, Finland, and the United States, as reported by the BBC. The Woolwich Crown Court noted that the hackers had few offline friends and could be considered loners. Their sentencing was mitigated by the fact that they did have an autism diagnosis on record. Their lawyers argued that the duo was groomed into such behavior by older hackers.

Reactions online have been critical of the teens, but also critical of the lack of sound technical infrastructure on the part of the government. The hackers had gained access to the system by requesting a password reset for an employee over the phone.

One user said, “No talent was required to hack any Gov infra. It’s cobbled together by yes men and mainframe engineers from the 70s who won’t learn anything new.” Another noted, “These people are obviously pathetic, but it is funny that even in 2026 people are obsessed with hacking celebrities.”

However, there was a section of users who believed that the teens could be an asset for the government, given that they were able to exploit the weaknesses in the government system.

One user wrote, “They should be made to work for British intelligence agencies for time served instead of being locked up; they know their stuff. You’d rather have them on your team.”

Another user wrote, “The UK government has no sense of responsibility; they should have employed them instead!”

Disclaimer: Inquisitr could not independently confirm the facts of this incident and is reporting based on the information available.