Two members of the Scattered Spider cybercrime network have been sentenced to five years and six months in prison each for a cyberattack targeting Transport for London.
Thalha Jubair and Owen Flowers were identified by the National Crime Agency as participants in the group, which is known for social engineering tactics including help desk impersonation and SIM-swapping.
The agency described the Transport for London investigation as lengthy, highly complex, and painstaking, crediting meticulous investigative work for the defendants' guilty pleas.

Officials said the case highlights the rising threat from English-speaking cybercriminals based in the UK and abroad who operate within loosely connected networks.
Scattered Spider gained global attention in September 2023 after breaching MGM Resorts International, causing widespread outages across casino operations including room keys and payment systems.
The same campaign compromised Caesars Entertainment, with attackers allegedly stealing customer data during the incident.
Security researchers characterize the group not as a traditional gang but as a loose collective linked through underground online communities where hackers share techniques and coordinate attacks.
Some participants in these communities have been connected to online harm groups involved in stalking, harassment, sextortion, and doxing.
The guilty pleas mark the first public admission of responsibility by key Scattered Spider members in a major criminal case.
Flowers separately admitted involvement in conspiracies targeting U.S. healthcare providers SSM Health and Sutter Health.
The National Crime Agency said the prosecution reflects broader efforts to dismantle the group through cooperation with international law enforcement partners.
Authorities continue investigating the wider ecosystem surrounding Scattered Spider, including links to cybercrime and online harassment networks behind recent high-profile attacks.







