Back to Feed
BreachesJul 16, 2026

Two Scattered Spider Hackers Sentenced to Jail in UK

Two Scattered Spider members sentenced to 5.5 years in UK for 2024 TfL cyberattack causing £29M damage.

Summary

Thalha Jubair (20) and Owen Flowers (18), members of the Scattered Spider cybercrime group, were sentenced to five years and six months in prison by UK courts for their role in a 2024 cyberattack on Transport for London that caused £29 million in damages and significant service disruptions. The sentencing marks what UK authorities describe as the largest cybercrime prosecution in the country's history, and Microsoft confirmed the arrests materially degraded the group's operational capability. Despite the convictions, authorities continue prosecuting other suspected Scattered Spider members, including Peter Stokes (extradited to the US) and Tyler Buchanan (pleaded guilty in US court).

Full text

Two members of the Scattered Spider cybercrime group have been sentenced to jail in the United Kingdom, the country’s National Crime Agency (NCA) announced on Thursday. Thalha Jubair, 20, and Owen Flowers, 18, were charged over their role in a 2024 cyberattack targeting Transport for London (TfL), which caused significant disruptions and generated costs of £29 million ($39 million). Jubair and Flowers were arrested in September 2025. They initially pleaded not guilty but changed their pleas to guilty when their trial started in June. On Thursday, they were each sentenced to five years and six months in prison following what officials described as “the largest cybercrime prosecution ever brought before the UK courts”. Despite several arrests last year, hackers operating under the Scattered Spider name continued to take credit for cyberattacks through the first months of 2026, although no new attacks have been announced in recent months. Following the sentencing of Jubair and Flowers, the NCA noted, “Although other cybercriminals may continue to use the damaged Scattered Spider brand, the NCA’s action against Jubair and Flowers effectively halted the group’s criminal activity. Independent assessment supports this, with Microsoft confirming that the arrests materially degraded the group’s ability to continue conducting cybercriminal operations.”Advertisement. Scroll to continue reading. In the meantime, authorities continue prosecuting other suspected members of the group. An alleged member, 19-year-old Peter Stokes, a dual US-Estonian national, was recently extradited to the US to face charges. Tyler Buchanan, a British national believed to be part of the cybercrime gang, pleaded guilty in a US court in April. Related: Third US Security Expert Sentenced to Prison for Helping Ransomware Gang Related: Romanian Hacker Sentenced to Prison in US for Selling Access to State Network Related: Third DraftKings Hacker Sentenced to 18 Months in Prison Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs Trend Micro, Tanium, ESET and Tenable Patch Severe Product VulnerabilitiesUS Charges Russian Individuals and Firms for Running Cybercrime ServicesWhite House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination InitiativeICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, RockwellSonicWall Issues Urgent SMA Patch Warning for Two Zero-Day ExploitsSynopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims7 Severe Vulnerabilities Patched in VMware Avi Load BalancerUnpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar Latest News AI Data Centers Are Being Built Faster Than They Can Be Secured‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process KillingOak Emerges From Stealth Mode With $60 Million in FundingSplunk, Zoom Patch Critical VulnerabilitiesF5 Patches Multiple NGINX, BIG-IP VulnerabilitiesChina’s Top Cybersecurity Firms Hit by Mounting Military Procurement BansOld UEFI Shims Expose Systems to Secure Boot BypassNightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveN-able has appointed Russell Rosa as Chief Revenue Officer.Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.F5 has appointed Cathy Peterman as Chief People Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Entities

Scattered Spider (threat_actor)Thalha Jubair (threat_actor)Owen Flowers (threat_actor)Peter Stokes (threat_actor)Tyler Buchanan (threat_actor)Microsoft (vendor)