- Two British men sentenced to 5 years and 6 months for 2024 cyberattack on Transport for London linked to Scattered Spider group
- Police seized devices showing evidence of TfL breach; Flowers was also in the midst of an attack on US healthcare companies SSM Health and Sutter Health at the time of his arrest.
- TfL reported $39 million in damages; NCA says conviction effectively dismantled Scattered Spider, with Microsoft confirming arrests degraded group’s operations
Two young men, one aged 20 and the other aged 18, have been sentenced to five years and six months in prison for their involvement in the cyber attack on Transport for London (TfL) in 2024.
Thalha Jubair, from east London, and Owen Flowers, from Walsall, West Midlands, were arrested in 2025 on suspicion of being key members of Scattered Spider, an infamous hacker collective known for hacking dozens of companies. Initial reports from different cybersecurity organizations claimed that the group was primarily made up of teenagers whose native language was English.
During the arrest, police seized various types of electronic equipment from the suspects, including laptops, PCs, smartphones, hard drives, removable storage media, etc. On one of the computers, law enforcement found screenshots and videos showing the intrusion into TfL’s systems.
Millions of damages
Worse still, Flowers was in the process of breaking into US healthcare companies SSM Health Care Corporation and Sutter Health when he was arrested: according to the National Crime Agency (NCA), both companies were already “infiltrated and damaged”.
The attack on TfL was one of the most disruptive incidents this year, and one that also caused significant financial damage. According to a report shared by TfL with the City of London Police (CoLP), the company suffered approximately $39 million in losses and recovery costs.
Jubair and Flowers initially pleaded not guilty and changed their plea to guilty on the day they were due to stand trial, it was reported. Today, they are both sentenced to more than five years in prison. The NCA claims that these arrests and convictions effectively dismantled the notorious hacker collective.
“Although other cybercriminals may continue to use the damaged Scattered Spider brand, the NCA’s action against Jubair and Flowers has effectively stopped the group’s criminal activity,” the NCA said in its report.
“An independent assessment supports this assertion, with Microsoft confirming that the arrests have significantly degraded the group’s ability to continue its cybercriminal operations.”

The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




