Security/ cybersecurity · scattered spider · uk · ransomware

Two Scattered Spider Members Get 5-Plus Years for TfL Hack

Thalha Jubair and Owen Flowers were sentenced to five years and six months each for the 2024 TfL cyberattack, which cost the transit agency $39 million.

Two UK men who helped run Scattered Spider have been sent to prison for more than five years over the 2024 cyberattack on Transport for London.

Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, were arrested in 2025 and initially pleaded not guilty — then changed their pleas on the day trial was set to begin. Police seized laptops, phones, hard drives, and removable storage from both. On one device, investigators found screenshots and videos documenting the intrusion into TfL's systems. TfL reported roughly $39 million in losses and recovery costs to the City of London Police. Flowers's situation was particularly stark: at the moment of his arrest, he was actively breaking into US healthcare firms SSM Health Care Corporation and Sutter Health — systems the National Crime Agency says were already "infiltrated and damaged."

The NCA declared the sentencing a structural blow to the group, not just the removal of two individuals. "Although other cybercriminals may continue to use the damaged Scattered Spider brand, the NCA's action against Jubair and Flowers effectively halted the group's criminal activity," the agency said. Microsoft, cited as an independent assessor, confirmed the arrests "materially degraded the group's ability to continue conducting cybercriminal operations."

Scattered Spider built its reputation on social engineering — notably the 2023 MGM Resorts breach — and drew attention partly because its members were reportedly native English speakers, many of them teenagers. Whether dismantling its leadership actually ends the threat is a different question: loosely affiliated crews tend to rebrand, not retire.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →