Two hackers jailed for Transport for London cyberattack in blow to Scattered Spider
The sentencing of two young hackers for a major 2024 attack on London’s transit network marks a significant disruption to the Scattered Spider cybercrime collective, highlighting the severe economic risk of social engineering tactics across critical infrastructure.
Two hackers have been sentenced to five years and six months in prison for a major 2024 cyberattack on Transport for London (TfL). Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year, marking a major victory for British authorities against the notorious Scattered Spider cybercrime collective.
The summer 2024 breach forced TfL’s infrastructure offline for weeks, crippling the ticketing system and real-time train arrival services. Authorities estimate the disruption resulted in financial losses of approximately £29 million (around $47 million), underscoring the severe economic vulnerability of public transit networks to targeted digital sabotage.
Unlike state-sponsored actors with vast budgets, these offenders represent a growing demographic of young, highly capable hackers driven by financial gain and peer notoriety. Collectives such as Scattered Spider and ShinyHunters frequently bypass traditional technical defences by exploiting human vulnerabilities through social engineering.
This tactic has proven highly effective and difficult to mitigate across the corporate sector. Before their arrest, the FBI alleged that Jubair alone participated in social engineering attacks targeting more than 120 companies.
The Scattered Spider network has been linked to dozens of high-profile breaches, including incidents at casino operator MGM, airline WestJet, and cybersecurity firm Okta. These intrusions routinely grant attackers access to sensitive customer data, creating cascading liabilities for the affected businesses.
Paul Foster, head of the U.K. National Crime Agency’s National Cyber Crime Unit, emphasized the magnitude of the operation. He stated, “Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice.”
Investigators noted the pair held “the keys to the kingdom” to the company’s systems. Authorities warned the hackers could have shut out and shut down TfL completely.
While cybercriminal groups frequently rebrand and shift their membership, the imprisonment of these core members represents a tangible blow to the network’s operational capacity. For European businesses and infrastructure operators, the case serves as a stark reminder that human-focused social engineering remains a critical, costly vector for economic disruption.