- Two UK men sentenced to 5 years and 6 months for the 2024 cyberattack on Transport for London, linked to the Scattered Spider group
- Police seized devices showing evidence of the TfL breach; Flowers was also mid‑attack on US healthcare firms SSM Health and Sutter Health at the time of arrest
- TfL reported $39M in damages; the NCA says the sentencing effectively dismantled Scattered Spider, with Microsoft confirming the arrests degraded the group’s operations
Two young men, one aged 20 and the other 18, have been sentenced to five years and six months in prison for their involvement in the cyberattack on Transport for London (TfL) in 2024.
Thalha Jubair, from East London, and Owen Flowers, from Walsall, West Midlands were arrested in 2025 under the suspicion that they were the leading members of Scattered Spider – an infamous hacking collective known for breaching dozens of companies. Initial reports from different cybersecurity organizations claimed the group consisted mostly of teenagers whose native language was English.
During the arrest, the police seized different types of electronic equipment from the suspects, including laptops, PCs, smartphones, hard drives, removable storage, and more. On one of the computers, law enforcement found screenshots and videos showing the intrusion into TfL’s systems.
Millions in damages
To make matters even worse, Flowers was in the middle of breaking into US healthcare companies SSM Health Care Corporation and Sutter Health when he was arrested: According to the National Crime Agency (NCA), these two were already “infiltrated and damaged”.
The attack on TfL was one of the more disruptive incidents that year, and one which caused a lot of financial damage, too. According to a report TfL shared with the City of London Police (CoLP), it suffered around $39 million in loss and recovery costs.
Both Jubair and Flowers initially pleaded not guilty and changed their pleas to guilty on the day they were due to stand trial, it was said. Now, they are both sentenced to more than five years in jail. The NCA says these arrests and sentencing effectively dismantled the notorious hacking collective.
“Although other cybercriminals may continue to use the damaged Scattered Spider brand, the NCA’s action against Jubair and Flowers effectively halted the group’s criminal activity,” the NCA said in its report.
“Independent assessment supports this, with Microsoft confirming that the arrests materially degraded the group’s ability to continue conducting cybercriminal operations.”