Scattered Spider Members Jailed for Transport for London Cyberattack
Two key members of the prolific cybercrime group **Scattered Spider** have been sentenced to five years and six months in prison each for their roles in the significant cyberattack against **Transport for London (TfL)** in 2024. The breach caused widespread disruption and substantial financial losses, highlighting the severe impact of such sophisticated attacks on critical infrastructure.

**Thalha Jubair**, 20, and **Owen Flowers**, 18, both identified as leading members of the **Scattered Spider** collective, received their sentences following their guilty pleas under the Computer Misuse Act.
### The TfL Breach: A Timeline of Disruption
**TfL**, responsible for London's vast transportation network serving over 8.4 million people, publicly disclosed a network breach on September 2, 2024. The attack, which began in August 2024, severely disrupted internal systems and online services.
Impacted services included **TfL**'s Dial-a-Ride, concessionary travel cards, digital payment processing, and contactless ticketing. The incident also rendered 148 systems inoperable across the network, forcing all 27,000 **TfL** employees to reset their passwords in person.
Financial repercussions were significant, with **TfL** reporting Β£29 million in losses and recovery costs. Officials also estimated a potential Β£56 billion loss to the UK economy had the attackers succeeded in a full shutdown of the transport network.
### Data Theft and Swift Arrests
On September 12, 2024, **TfL** confirmed that customer data, including names, addresses, and contact details, had been exfiltrated. Just four days later, on September 16, officers from the City of London Police and the **UK National Crime Agency (NCA)** arrested **Jubair** and **Flowers** at their residences.
Investigators revealed that **Flowers** was also actively targeting U.S. healthcare providers **Sutter Health** and **SSM Health Care Corporation** at the time of his arrest. Devices seized from him contained incriminating evidence related to the **TfL** intrusion.

### Scattered Spider: A Significant Threat
**NCA** Deputy Director **Paul Foster** described **Scattered Spider** as "the most significant cybercrime threat to the UK in recent years." He commended **TfL**'s proactive engagement with law enforcement, emphasizing its crucial role in securing the convictions.
"These convictions would likely not have been possible had **Transport for London** not engaged with law enforcement early, so I would urge any other organisation to please do the same in such circumstances," **Foster** stated. "We will continue working with partners in the UK and overseas to identify offenders and bring them to justice."
### Broader International Implications
**Jubair** faces further charges from the U.S. Department of Justice, filed in September 2025. These charges include conspiracy to commit computer fraud, money laundering, and wire fraud, linked to at least 120 network breaches between May 2022 and September 2025. Court documents indicate these attacks impacted numerous U.S. organizations, including critical infrastructure and U.S. courts, with **Jubair** and his accomplices allegedly extorting over $115 million globally.
In a related development, the **NCA** arrested four other suspected **Scattered Spider** members in July 2025, believed to be involved in a series of cyberattacks against major UK retailers such as **Harrods**, **Marks & Spencer**, and **Co-op**.