Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Scattered Spider Duo Jailed for TfL Cyberattack in UK's Largest Cyber Prosecution

Two British members of the Scattered Spider cybercrime group have been sentenced to five and a half years in prison each for their 2024 cyberattack on Transport for London (TfL). This marks the biggest cybercrime conviction in UK history.

  • Owen Flowers, 18, and Thalha Jubair, 20, received five years and six months each.
  • The pair pleaded guilty in June 2026 to reckless actions, securing a 15% sentence reduction.
  • This is only the second conviction under Section 3ZA of the Computer Misuse Act 1990, reserved for serious offences.
  • The National Crime Agency (NCA) identified Scattered Spider as the most significant cyber threat to the UK.
  • The sentencing concludes a nearly two-year investigation, disrupting the cybercrime group.

The sentencing of Owen Flowers and Thalha Jubair has brought closure to a case that has shaken the UK's cybercrime landscape. The two men have each been handed five and a half years in prison for their roles in the 2024 Transport for London (TfL) cyberattack, which remains one of the most significant incidents of its kind in British history.

Flowers, now 21, and Jubair, 22, had pleaded guilty to charges under Section 3ZA of the Computer Misuse Act 1990 in June 2026. This admission led to a 15% reduction in their sentences. Mr Justice Turner acknowledged the pair's youthful naivety, but also highlighted the sophistication and planning that went into the attack, as well as its profound impact on TfL's operations.

Authorities have consistently linked Flowers and Jubair to Scattered Spider, a loose network of young, English-speaking cybercriminals who have been responsible for several high-profile attacks. These include the 2023 hack on MGM Resorts and various British retail giants in 2025. The National Crime Agency (NCA) has repeatedly identified Scattered Spider as one of the UK's most pressing cyber threats.

The conviction marks only the second time Section 3ZA of the CMA has been successfully applied, and it demonstrates the willingness of law enforcement to tackle even the most complex cases. Flowers and Jubair pleaded guilty to reckless rather than intentional acts under this section. The previous application of this section resulted in a six-year sentence for a former GCHQ intern in 2025.

Paul Foster, Deputy Director and head of the NCA's National Cyber Crime Unit, praised the collaborative effort that led to the successful prosecution. He urged other organisations to engage with law enforcement early in similar incidents, highlighting the significant disruption caused by the TfL attack. London's Transport Commissioner, Andy Lord, welcomed the sentences, reaffirming TfL's commitment to protecting customer data and maintaining system security.

Why this matters: This case highlights the growing threat of cybercrime to critical national infrastructure and major corporations, underscoring the UK's commitment to prosecuting such offences. It also serves as a significant deterrent to young individuals considering cybercriminal activities.

What this means for you: What this means for you: This sentencing helps protect the vital services you rely on, like public transport, from future cyberattacks. It reinforces the importance of robust cybersecurity measures for organisations and demonstrates the serious consequences for those who engage in cybercrime.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.