Two prominent members of the Scattered Spider cybercrime group have been sentenced to five years and six months each for their involvement in the hack of Transport for London (TfL) in 2024.
On September 2, 2024, TfL, which serves over 8.4 million Londoners, disclosed that its network was compromised in August 2024. This breach resulted in significant disruptions to internal systems and online services.
Key services affected included TfL’s Dial-a-Ride service, discount travel cards, digital payments, the implementation of contactless ticketing, and public transport refund processing functions. Moreover, 148 systems within TfL’s network became inoperable, forcing all 27,000 TfL employees to reset their passwords in person post-breach.
TfL reported losses and recovery costs of £29 million as a result of the attack. Officials warned that had the hackers succeeded in a more extensive disruption of the transport network, the UK economy could have faced losses upwards of £56 billion.
On September 12, 2024, TfL confirmed that the attackers had stolen customer data, including names, addresses, and contact details. Four days later, on September 16, officers from the City of London Police and the National Crime Agency (NCA) apprehended 20-year-old Talha Jubail and 18-year-old Owen Flowers at their residence.
Investigators revealed that Flowers was also implicated in hacking incidents involving U.S. healthcare organizations such as Sutter Health and SSM Healthcare Corporation. Evidence linking him to the TfL hack was found in the equipment seized during his arrest.
Both individuals pleaded guilty to charges under the Computer Misuse Act. They were sentenced on September 18 to five years and six months in prison.

NCA Deputy Commissioner Paul Foster described Scattered Spider as “the most significant cybercrime threat to the UK in recent years,” praising TfL’s proactive collaboration with law enforcement for the successful convictions.
“Without TfL’s prompt cooperation with law enforcement, these convictions may not have been achievable. We encourage other organizations to adopt a similar approach in such situations,” Foster stated. “We will continue our efforts with partners both in the UK and globally to identify offenders and ensure justice.”
The U.S. Department of Justice also charged Jalal Juvea in September 2025, citing conspiracy to commit computer fraud, money laundering, and wire fraud linked to at least 120 network breaches from May 2022 to September 2025.
According to court documents, these attacks impacted numerous U.S. organizations, including critical infrastructure entities, leading to over $115 million in extorted funds from victims worldwide between August 2024 and July 2025.
In July 2025, the NCA apprehended four additional suspected members of Scattered Spider, believed to be behind a series of cyberattacks on prominent UK retailers such as Harrods, Marks & Spencer, and Co-op.
Security teams document only 54% of successful attacks and issue warnings for a mere 14%. The remainder proceed undetected.
Picus’ whitepaper demonstrates how to validate your SIEM and EDR rules in breach and attack simulations to uncover hidden threats.
Source: www.bleepingcomputer.com




