UK Police Foil Scattered Spider: Young Hackers Sentenced for Transit System Breach

TL;DR
- Two young Scattered Spider hackers, Owen Flowers (18) and Thalha Jubair (20), have pleaded guilty to cyberattacking Transport for London’s network in August 2024.
- The breach caused tens of millions in losses (estimated at £39m) and disrupted thousands of commuters, marking one of the UK’s most significant transit system cyberattacks.
- Both men are scheduled for sentencing on July 15–16, 2026, in London’s Woolwich Crown Court, underscoring the UK’s intensified crackdown on cybercrime.
Young Hackers Linked to Scattered Spider Face Sentencing After TfL Breach
Two teenage hackers affiliated with the notorious Scattered Spider group have pleaded guilty to orchestrating a devastating cyberattack on London’s public transit system and are now awaiting sentencing. Owen Flowers, 18, from Walsall, and Thalha Jubair, 20, from East London, admitted to conspiring to commit unauthorized acts against Transport for London (TfL) computer systems and causing risk of serious damage to human welfare.
Their guilty pleas were delivered on the first day of what was expected to be a six-week trial at Woolwich Crown Court, abruptly ending the legal proceedings and accelerating the path to conviction. Both are set to be sentenced on July 15 and 16, 2026, marking a pivotal moment in the UK’s ongoing battle against cybercriminal organizations.
The August 2024 TfL Cyberattack: Impact and Scope
The cyberattack occurred between August 31 and September 3, 2024, when Flowers and Jubair infiltrated TfL’s computer network, crippling critical systems responsible for managing London’s public transport. The breach forced TfL to shut down parts of its digital infrastructure, causing widespread disruption to bus, rail, and tube services across Greater London.
According to the UK’s National Crime Agency (NCA), the attack resulted in tens of millions of pounds in financial losses and inconvenienced thousands of customers daily. Independent reports estimate the total cost at approximately £39 million, reflecting both direct remediation expenses and broader economic fallout.
The incident highlighted vulnerabilities in the UK’s transit infrastructure and underscored the growing threat posed by loosely affiliated but highly capable cybercrime groups like Scattered Spider.
Scattered Spider: A Loose but Lethal Cybercrime Collective
Scattered Spider is not a traditional hierarchical organization but rather a loosely-affiliated cybercrime collective known for its rapid adaptation, social engineering tactics, and ransomware deployments. The group has targeted major entities globally, including MGM Resorts, multiple airlines, and UK retailers such as Marks & Spencer, Harrods, and Co-op Group.
Flowers and Jubair were identified as key members of this group, with Flowers allegedly involved in the 2023 MGM Casino ransomware attack that shut down several properties. Jubair, operating under various monikers, has been documented in multiple cybersecurity reports for his extensive exploits prior to the TfL breach.
Their involvement in the TfL hack demonstrates Scattered Spider’s expanding focus on critical infrastructure, moving beyond corporate data theft to attacks that risk public safety and welfare.
Law Enforcement Response: NCA and City of London Police Lead Investigation
The investigation into the TfL breach was led by the UK’s National Crime Agency (NCA) and the City of London Police (COLP), who arrested Flowers and Jubair at their home addresses on September 16, 2024. Both suspects had long histories of cyber-offending and were already known to law enforcement prior to the arrest, according to BBC reporting.
The NCA confirmed that the duo pled guilty to conducting a cyberattack against TfL’s computer network, with the FBI also acknowledging the NCA’s announcement in a public post. The swift transition from arrest to guilty plea reflects the effectiveness of UK cybercrime units in tracking and prosecuting young hackers linked to international groups.
Sentencing and Broader Implications for UK Cybersecurity
Flowers and Jubair are scheduled to be sentenced at Woolwich Crown Court on July 15–16, 2026, with expectations of significant penalties given the scale of the attack and their prior criminal records. The sentencing will serve as a critical test of the UK’s legal framework for addressing cybercrime, particularly when involving minors and members of transnational hacker collectives.
This case reinforces the UK government’s commitment to combating cyber threats through aggressive prosecution and international cooperation. With Scattered Spider continuing to target high-value assets globally, the conviction of its young operatives signals a growing willingness to dismantle the group’s operational base within the UK.
As cybersecurity experts warn, the rise of adolescent hackers in groups like Scattered Spider presents a unique challenge: these individuals possess advanced technical skills but often lack the maturity to understand the societal consequences of their actions. The TfL case may set a precedent for how the UK handles future prosecutions of young cybercriminals linked to global threats.
What Comes Next for TfL and UK Transit Security?
Following the 2024 breach, TfL has likely implemented enhanced cybersecurity measures, though specific details remain undisclosed. The incident has prompted broader discussions about the resilience of critical infrastructure against cyberattacks, especially from groups that exploit human error and social engineering.
The sentencing of Flowers and Jubair will not only conclude this chapter but also serve as a deterrent to other aspiring hackers. For TfL and the UK’s transport network, the focus now shifts to long-term recovery, system hardening, and public reassurance that the threat has been neutralized.
As the cybercrime landscape evolves, the UK’s response to the TfL hack will be studied as a model for balancing swift justice with systemic security improvements.
Get All The Latest Updates Delivered Straight To Your Inbox For Free!