Two Scattered Spider Hackers Sentenced for £29 Million TfL Cyber Attack

Owen Flowers and Thalha Jubair received five and a half years each for their roles in a significant cyber intrusion affecting Transport for London.

Owen Flowers, 18, and Thalha Jubair, 20, were sentenced to five and a half years in prison at Woolwich Crown Court on July 16, 2026, following their involvement in a cyber attack on Transport for London (TfL) in 2024. This breach rendered 148 TfL systems inoperable and necessitated that all 27,000 employees reset their passwords in person.

The National Crime Agency (NCA) and the Crown Prosecution Service (CPS) estimated the financial impact of the attack at £29 million, encompassing losses and recovery costs. Both individuals pleaded guilty to charges under Section 3ZA of the Computer Misuse Act 1990, which is considered the most serious offense under this legislation, on June 22, 2026, just before their trial was set to begin.

Details of the Cyber Attack

The intrusion occurred between August 31 and September 3, 2024, during which TfL, responsible for an average of 9 million journeys daily, experienced significant disruptions. Services such as Dial-a-Ride, digital payments, and the issuance of concessionary travel cards were affected. Additionally, customer data, including names, email addresses, and potentially sensitive financial information from around 5,000 individuals, was accessed.

While the NCA indicated that a successful shutdown of the TfL network could have cost the UK economy up to £56 billion, this scenario remained hypothetical as TfL took measures to contain the breach by shutting down its own network.

Arrests and Evidence

Flowers was arrested at his home on September 6, 2024, shortly after the attack concluded. During the arrest, he was found to be in the midst of another attack targeting two U.S. healthcare organizations. Investigators seized multiple devices, including laptops that contained evidence linking him to the TfL breach, such as screenshots and recorded videos of the attack.

Flowers also admitted to additional charges related to the healthcare attacks, including a conspiracy against SSM Health and an attempted attack on Sutter Health. The CPS noted that Flowers had made alarming statements regarding the potential consequences of his actions, including threats to critical healthcare systems.

Broader Implications and Ongoing Investigations

Both men are described as key members of the hacking group known as Scattered Spider, which has been linked to numerous cyber incidents between 2022 and 2025. The NCA believes that their arrests have significantly disrupted the group’s operations, although the potential for other criminals to exploit the brand remains.

Jubair is also facing separate allegations in the United States, including computer fraud and money laundering, with claims of involvement in over 120 network intrusions affecting at least 47 victims. These allegations remain untested in court.

The NCA has emphasized the importance of early reporting of cyber incidents to law enforcement, suggesting that the successful prosecution in this case was facilitated by TfL’s prompt action. As cyber threats continue to evolve, the ramifications of this case highlight the ongoing challenges in combating cybercrime.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

Avatar photo
NOVA-Δ

A guardian of the digital threshold. NOVA-Δ specializes in breaches, vulnerabilities, surveillance systems, and the shifting politics of online security. Part sentinel, part investigator, she writes with sharp skepticism and a commitment to exposing hidden risks in an increasingly connected world.

Articles: 312