Two young men have been sentenced to 66 months in prison by the United Kingdom’s National Crime Agency for their involvement in a significant cyberattack on Transport for London in 2024. This attack severely disrupted the public transport network’s operations.
Thalha Jubair and Owen Flowers, both in their late teens, were apprehended at their residences in September 2025. Their sentencing follows a guilty plea entered last month, just as their trials were scheduled to commence. Flowers had previously been arrested in connection with the incident in September but was released after initial questioning.
Scattered Spider’s Role in the Cyberattack
According to cybersecurity researchers, Jubair and Flowers were identified as leading members deeply involved with Scattered Spider. This group is described as a nebulous hacker collective, reportedly a subset of a larger organization known as The Com. The 20-year-old Jubair was particularly noted as a prolific cybercriminal and a core figure within this unbound collective.
U.S. authorities previously accused Jubair of direct and prominent participation in approximately 120 cyberattacks, including extortion schemes targeting 47 U.S.-based organizations. The January 2025 attack on the federal court system was also linked to his activities.
Financial Activities and Resources
Officials stated they traced cryptocurrency transfers totaling at least $89.5 million, at the time of the transactions, to Bitcoin addresses and servers under Jubair’s control. Records from an unsealed criminal complaint against Jubair indicate that two financial services firms collectively paid him sums of $25 million and $36.2 million in Bitcoin between June and November 2023.
Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told CyberScoop that at the time of Jubair’s arrest, he was considered one of the four most significant individuals associated with Scattered Spider, and among the two most central players. Allison Nixon, chief research officer at Unit 221B, added that Jubair and Flowers possessed considerable resources and support, with victim payments being reinvested into their operations.
Continuing Threat and Law Enforcement Response
The long-term impact of Jubair and Flowers’ apprehension and subsequent imprisonment remains a subject of ongoing assessment. While U.K. authorities maintain that these arrests and punishments have effectively curbed the group’s criminal activities, they acknowledge that other cybercriminals continue to leverage the Scattered Spider brand in more recent attacks.
Brett Leatherman, assistant director of the FBI Cyber Division, stated that the recent proceedings represent a significant stride in holding accountable key members of Scattered Spider. He highlighted the group’s consistent reliance on data extortion, SIM-swap attacks, and other social engineering tactics to breach networks and compromise critical services. The FBI also noted on LinkedIn that members of the group continue to target organizations globally, inflicting considerable financial and operational damage.
Escalation and Prosecution
When Owen Flowers, now 18 years old, was initially arrested for the Transport for London attack in 2024, investigators reported he was simultaneously engaged in attempts to hack U.S. healthcare providers SSM Health Care Corporation and Sutter Health, which had already experienced infiltration and damage.
Officials also indicated that both Jubair and Flowers were uncooperative following their arrests. Paul Foster, head of the National Crime Center’s National Cybercrime Unit, described the case as the most extensive cybercrime prosecution ever brought before U.K. courts, representing the culmination of nearly two years of diligent investigative work.
Foster emphasized that Scattered Spider has posed the most substantial cybercrime threat to the U.K. in recent years and that this investigation has significantly disrupted that threat and brought key offenders to justice.
However, Nixon expressed that the sentences for Jubair and Flowers appear remarkably lenient given the prolonged period of their continuous offenses. She voiced hope that the United States will pursue extradition for additional charges, suggesting that such action could prevent them from potentially exploiting mental health defenses to re-engage in harmful activities. Nixon also noted that legal frameworks might not adequately protect the public from individuals identified as repeat offenders, and that the cybercriminal community might inaccurately glorify their actions.
The next anticipated step involves potential extradition proceedings by U.S. authorities. It remains to be seen how these proceedings will unfold and whether they will lead to additional charges and incarceration for the defendants.

