Back to Feed
BreachesJul 16, 2026

Two Scattered Spider Members Sentenced to 5.6 Years Over TfL Cyberattack

Two Scattered Spider members sentenced to 5.6 years for Transport for London cyberattack.

Summary

Thalha Jubair (20) and Owen Flowers (18), members of the Scattered Spider cybercrime group, were sentenced to five years and six months each at Woolwich Crown Court for a cyberattack on Transport for London (TfL) in August-September 2024. The breach disrupted TfL's online services, exposed customer data, and forced 28,000 employees to reset passwords in person, costing approximately £39 million in recovery and lost income. The case represents the UK's largest cybercrime prosecution to reach court, with international law enforcement cooperation from the FBI, and highlights the rising involvement of teenagers in cybercrime.

Full text

Cyber Crime SecurityTwo Scattered Spider Members Sentenced to 5.6 Years Over TfL CyberattackbyWaqasJuly 16, 20262 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening Nearly two years after a cyberattack disrupted Transport for London’s (TfL) online services and exposed customer data, two members of the Scattered Spider cybercrime group have been sentenced to prison. Thalha Jubair, 20, and Owen Flowers, 18, each received a prison sentence of five years and six months at Woolwich Crown Court, bringing one of the UK’s highest-profile cybercrime prosecutions to a close. Thalha Jubair, 20 (left) and Owen Flowers, 18 (right). The sentencing follows an investigation that began after attackers gained access to TfL’s network between 31 August and 3 September 2024. Although trains and buses continued operating, the breach disrupted several customer services, including Oyster refunds, Dial a Ride, and online account functions. Reportedly, TfL was also forced to require roughly 28,000 employees to reset their passwords in person, while recovery costs and lost income reached about £39 million. The case moved quickly once investigators identified the suspects. Flowers was arrested in Walsall and Jubair in East London in September 2025, before both were charged with offenses linked to the TfL attack. They initially denied the allegations but changed their pleas to guilty when their trial opened in June 2026. Flowers also admitted hacking two US healthcare organizations, SSM Health and Sutter Health. Investigators said the pair were members of the loosely organized Scattered Spider group, which has been linked to high-profile attacks against telecommunications companies, retailers, casinos, and cloud service providers. Evidence recovered during the investigation included recordings, screenshots, Telegram conversations, and cryptocurrency linked to the defendants. Prosecutors said the attackers even livestreamed parts of the TfL compromise and searched customer records after gaining access to internal systems. Arrest video (Credit: NCA) The National Crime Agency described the prosecution as the UK’s biggest cybercrime case to reach the courts. Deputy Director Paul Foster of the NCA’s National Cyber Crime Unit said the investigation demonstrated the value of close cooperation between investigators and TfL, adding that cybercrime produces real-world consequences for organizations and the public. The case has also received international attention. Following the sentencing, the FBI’s Cyber Division publicly congratulated the NCA, City of London Police, the Crown Prosecution Service, and TfL for securing the convictions. The agency said the outcome reflected the value of international law enforcement cooperation against cybercrime groups such as Scattered Spider. With the sentencing now complete, the case closes a sequence that began with the arrests, continued through formal charges and guilty pleas, and ended with prison terms for both defendants. Authorities continue to investigate cybercrime groups linked to Scattered Spider, whose members remain connected to several major intrusions affecting organizations in the UK and abroad. Teenagers and Online Crime This case highlights the consistent, disturbing rise in the youth’s involvement in such crimes, as they don’t understand the legal dangers of cyberattacks. NCA earlier reported that one in five UK children between 10 and 16 have broken the law online and engaged in hacking. “A recent survey of children aged 10-16 showed that 20% engage in behaviours that violate the Computer Misuse Act, which criminalises unauthorised access to computer systems and data. The figure is higher for those who game, standing at 25%,” the NCA reported in 2024. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts Cyber AttackCybersecurityOwen FlowersScattered SpiderTFLThalha JubaiTransport for LondonUnited Kindgom Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Microsoft Microsoft Patch Tuesday Oct 2025 Fixs 175 Vulnerabilities including 3 Zero-Days October's Microsoft Patch Tuesday fixes 170+ flaws, including 3 actively exploited zero-days and critical WSUS RCE (CVSS 9.8). Immediate patching is mandatory. Final free updates for Windows 10. byDeeba Ahmed Read More News Malware Microsoft Security Technology Microsoft-Signed Drivers Helped Hackers Breach System Defenses Researchers at Sophos X-Ops Rapid Response (RR), Mandiant, and SentinelOne have confirmed Microsoft’s blunder. byHabiba Rashid Read More Security Live Nation Confirms Massive Ticketmaster Data Breach In an SEC filing, Live Nation Entertainment confirmed its subsidiary Ticketmaster suffered a data breach, claiming it will… byWaqas Read More Security Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise… byDeeba Ahmed

Indicators of Compromise

  • malware — Scattered Spider

Entities

Scattered Spider (threat_actor)Thalha Jubair (threat_actor)Owen Flowers (threat_actor)Transport for London (TfL) (vendor)SSM Health (vendor)Sutter Health (vendor)