
TWO members of the Scattered Spider cybercrime group, Thalha Jubair and Owen Flowers, have been sentenced to five and a half years in prison for their role in a 2024 ransomware‑style attack on Transport for London that caused service disruption and exposed customer data, according to SecurityAffairs. The incident was estimated to have cost Transport for London around £29 million.
The attackers gained access to internal networks through credential theft and social engineering, allowing them to encrypt systems and disrupt services used by vulnerable passengers. While no specific CVE has been linked to the intrusion, the breach highlighted gaps in multi‑factor authentication and network segmentation within the transport provider’s infrastructure.
Despite earlier arrests in 2025, Scattered Spider continued to claim responsibility for attacks well into 2026, showing the group’s resilience. The UK’s National Crime Agency said the latest convictions significantly weakened the gang’s ability to operate, a point also noted by SecurityWeek.
Law enforcement actions in early 2026, including arrests and extradition requests, have begun to dismantle the group’s infrastructure, with several alleged members facing proceedings in the United States where guilty pleas have already been entered. These developments suggest a broader effort to curb the transatlantic reach of Scattered Spider.
Defenders should review privileged access controls, enforce strict MFA on all remote entry points and monitor for anomalous login attempts that could signal credential theft. Regularly testing incident response plans and maintaining offline backups can limit the impact of similar ransomware‑style incidents.
Sharing threat indicators with trusted ISACs and collaborating with national computer emergency response teams helps defenders stay ahead of evolving tactics. Continued vigilance and timely patching of known vulnerabilities remain essential to reducing the attack surface.