• 2 min read
UK says two arrests dealt Scattered Spider a major blow
Two young hackers were jailed for 5 years and 6 months after the 2024 TfL hack, which UK authorities say severely disrupted Scattered Spider.

Image: TechCrunch
Two hackers convicted over the 2024 Transport for London breach have been sentenced to five years and six months in prison, in a case U.K. authorities say has “severely” disrupted the cybercrime group Scattered Spider.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to hacking TfL, the public body that oversees London’s transit network. On Thursday, the U.K. National Crime Agency said the pair’s imprisonment represents a significant hit to Scattered Spider, a loose hacking collective linked to major incidents involving MGM, WestJet, and Okta.
According to the NCA, the attack on TfL in summer 2024 knocked parts of the organization’s infrastructure offline, including its ticketing system and online real-time train arrival information system. The disruption lasted for weeks. Authorities said the breach caused losses of about £29 million — around $47 million.
“Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice.”
The case is another reminder that some of the most damaging intrusions are carried out not by state-backed operators, but by young financially motivated hackers using social engineering against employees and other individuals. TechCrunch notes that groups such as Scattered Spider and ShinyHunters often focus on people rather than technical vulnerabilities — an approach that can be both highly effective and difficult to defend against.

Recommended reading
One in six PCs still run Windows 10
Flowers and Jubair were arrested in 2025. At the time, the FBI accused Jubair of involvement in attacks on more than 120 companies using social-engineering tactics. According to The Guardian, the pair had such extensive access inside TfL that they “could have shut out and shut down TfL completely,” effectively holding “the keys to the kingdom.”
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via TechCrunch


