Scattered Spider Hackers Behind TfL Cyber Attack Sentenced to Five Years
Scattered Spider members behind TfL hack get five years in prison
The Hack on Transport for London
Two senior figures within the Scattered Spider cybercriminal group received five-year prison terms for orchestrating a 2024 cyberattack on Transport for London (TfL). The breach, which occurred in August 2024, compromised internal systems and online services, leading to widespread disruptions. Affected operations included the Dial-a-Ride service, concessionary travel card management, digital payment systems, contactless ticketing infrastructure, and refund processing capabilities. Over 148 systems across TfL’s network became nonfunctional, and all 27,000 employees were required to reset their passwords in person following the incident.
Financial and Economic Impact
TfL disclosed the breach on September 2, 2024, reporting financial losses and recovery expenses totaling 29 million pounds. Officials estimated potential economic damage to the UK could have reached 56 billion pounds if the attackers had succeeded in collapsing the transportation network. Four days later, on September 6, 2024, the agency confirmed that customer data, including names, addresses, and contact information, had been exfiltrated.
Arrests and Guilty Pleas
On September 16, 2024, law enforcement officials from the City of London Police and the UK National Crime Agency (NCA) arrested 20-year-old Thalha Jubair and 18-year-old Owen Flowers. Investigators uncovered evidence that Flowers was simultaneously targeting U.S. healthcare providers Sutter Health and SSM Health Care Corporation. Devices recovered during the raid contained proof of the TfL intrusion. Both individuals pleaded guilty under the Computer Misuse Act and received five-year sentences.
NCA Deputy Director Paul Foster highlighted Scattered Spider’s role as a major cybercrime threat to the UK, crediting TfL’s early collaboration with authorities for facilitating the convictions. He urged organizations to engage law enforcement promptly during breaches, stating, “These convictions would likely not have been possible without Transport for London’s cooperation.”
U.S. Charges and Broader Impact
In September 2025, the U.S. Department of Justice charged Jubair with conspiracy to commit computer fraud, money laundering, and wire fraud. Court records indicated he was involved in at least 120 network breaches between May 2022 and September 2025, targeting U.S. entities including critical infrastructure and judicial systems. The attacks generated over 115 million in extorted funds between August 2024 and July 2025. In July 2025, the NCA detained four additional suspects linked to Scattered Spider, who were allegedly responsible for cyberattacks on major UK retailers such as Harrods, Marks & Spencer, and Co-op.
Security Team Performance
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper.
Related Articles
- UK charges suspects linked to Russian Coms call spoofing platform
- Scattered Spider members plead guilty to hacking Transport for London
- Nottingham University data breach affects over 450,000 students
- EU sanctions Russian GRU military hackers over cyberattacks
- Alleged Scattered Spider hacker extradited to the United States
Scattered Spider TfL Transport for London UK United Kingdom Sergiu Gatlan Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. or DMs for tips.
Previous Article Next Article
You need to login in order to
Not a member yet?
You may also like:
- Popular Stories Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
- Microsoft: Some Dell PCs shut down after recent Windows updates
- Windows 11 KB5101650 & KB5099414 cumulative updates released
- Sponsor Posts Pentest your web apps on-demand. Find what humans miss. Scope and launch a pentest in minutes.
- How Mature Is Your AI Security Program? Take the Free AI Maturity Assessment.
- AI broke vulnerability management. Get the guide CISOs use to shift budget to BAS.
- AI is a data-breach time bomb: Read the new report
- See how Pixellot discovered and secured hundreds of unmanaged AI agent identities in weeks, not months. Read the case study.
Login Reporter Help us understand the problem. What is going on with this comment? Submitting… SUBMIT
