Two Britons plead guilty to €45.2m cyber-attack in London: How the average person can stay safe

Two young Britons have pleaded guilty to a cyber-attack on Transport for London in 2024 that cost £39 million (more than €45.2 million) and affected 10 million people, judging by court proceedings carried out on Monday, June 22. The two men, Thalha Jubair and Owen Flowers, aged 20 and 18 respectively, were found to be from a hacking group called Scattered Spider, which itself is suspected of carrying out several cyber-attacks in recent years.

The 2024 attack on Transport for London, or TfL: How systems were affected

The attack in question involved a major breach of privacy that took place between August 29 and September 3, 2024. Transport for London stated that they had emailed more than 7 million customers in September to inform them that “some customer data may have been taken”. The BBC had reported that 10 million customers had had their data stolen from the incident. Transport for London, which is a major transport authority in the UK, handles up to 5 million passenger journeys per day, on the underground alone.

In addition, the attack prevented live Tube arrival information from appearing on the TfL Go app and the official website. TfL was also unable to process any payments on the contactless and Oyster apps, and unable to correctly register Oyster cards to customer accounts.

Hackers accused of various plots to commit crimes affecting millions

Jubair, from East London, and Flowers, from the West Midlands, both admitted to conspiring to commit these acts against computer systems belonging to the transport agency. Flowers, for his part, also admitted to hacking two healthcare companies from the United States: the SSM Health Care Corporation and Sutter Health, around September 6, 2024.

Jubair, on the other hand, has been accused by the US Department of Justice of involvement in a series of cyber-attacks targeting a whopping 47 US organisations and garnering more than £75 million, or more than €87 million, in ransom payments.

The trial was due to last six weeks, but the pair pleaded guilty on the first day. 

Cyber-attacks: Not just pixels on a screen

The profile of the two hackers signals a particular shift in the nature of large-scale cyber crime; while many major cyber-attacks are carried out by hackers that speak Russian as a main language, the increasing threat of cybercriminals based in the UK and other English-speaking countries is becoming more apparent. 

While these attacks, at first glance, are faceless, digital, and to many may seem removed from real-life consequences, cyber crime can impact the average resident in a number of ways. Firstly, stolen data can result in a stolen identity, which can lead to extortion, stolen money, and even severe psychological and emotional trauma for the victim. A person who has had their information stolen can also be a victim of other crimes, like stalking and harassment as a result of stolen identities, leaked addresses, and other sensitive information being stolen and sold to third parties.

How to protect yourself from potential cyber-attacks

While the case of the large-scale attack on TfL affected millions, there are still things individual residents can do to avoid becoming the victim of a cyber crime and better protect themselves against these types of attacks:

• Secure your accounts. This includes adding multi-factor authentication, using a different password for each account and updating them regularly, and putting a special emphasis on the security of your email, which often serves as a ‘master key’ to all your accounts.
• Learn to recognise and avoid phishing and scams. This includes verifying senders, not clicking randomly, double checking information and ensuring that payments are secure. 
• Install security software on devices and especially on home networks.
• Avoid using public Wi-Fi to access sensitive data, including bank accounts.
• Control your digital footprint. This includes avoiding oversharing personal information online, even things as innocuous as birthdays or names of family pets.
• Regularly monitor your accounts and make sure any suspicious activity is looked into.

The bottom line for the average resident: A tale of caution

For the community of British expatriates living in Spain, cases like the TfL breach serve as a grim reminder that digital security knows no borders. While enjoying life in Spain, navigating dual-country administrative tasks, managing overseas banking, and communicating with family back home inherently expands your digital footprint. By implementing these basic cybersecurity measures, expats can significantly reduce their vulnerability to international threats and safeguard their personal data.