British authorities have charged two teenagers, Thalha Jubair (19) from East London and Owen Flowers (18) from Walsall, in connection with a series of cyberattacks attributed to the Scattered Spider hacking collective. They face multiple counts under UK and U.S. law following investigations into widespread digital intrusions.
The pair are charged in the UK with conspiring to commit unauthorised acts against the Transport for London (TfL) systems after a disruption in August 2024. The attack compromised customer data, affected thousands of users, and cost TfL tens of millions of pounds in damages.
In addition to the TfL charges, Flowers is accused of plotting attacks on two U.S. healthcare entities, SSM Health Care Corporation and Sutter Health. Jubair also faces a charge under the UK’s Regulation of Investigatory Powers Act for allegedly refusing to surrender passwords and PINs for devices seized in the course of investigations.
Law enforcement officials, including the National Crime Agency (NCA) and City of London Police, worked in coordination with international partners, such as the U.S. Department of Justice and the FBI, to build the case.
Adam Meyers, Head of Counter Adversary Operations, CrowdStrike commented, “The arrests of SCATTERED SPIDER members in the UK represent a significant blow to one of the most disruptive eCrime groups operating today. Since emerging in 2022, SCATTERED SPIDER has conducted increasingly aggressive ransomware and extortion campaigns across a number of verticals. This coordinated law enforcement action will likely degrade SCATTERED SPIDER’s operations in the near term. More importantly, it sends a message: cybercriminals who aggressively extort and disrupt are not beyond reach. But this isn’t just about arrests — it demonstrates the impact of strong public-private collaboration — when law enforcement and industry share intelligence and act decisively, we can disrupt operations that are inflicting real damage on global businesses.”
The Scattered Spider group is known for its use of social-engineering techniques, such as impersonation and exploiting IT help-desk vulnerabilities, to gain access to corporate and institutional systems. Experts say Jubair and Flowers are part of a broader trend of younger hackers being drawn into high-stakes cybercrime across borders.
Separately, in July 2025, four people (including individuals aged 17-20) were arrested in the UK for their alleged roles in cyberattacks on major retailers including Marks & Spencer, Co-op, and Harrods. These attacks, linked to Scattered Spider, reportedly involved data theft, disruptions to business operations, and large-scale extortion.
The teenagers are due to appear in court; if convicted of their charges under the Computer Misuse Act, wire fraud statutes, and other relevant legislation, they could face severe penalties.
Authorities say the arrests mark a key moment in efforts to disrupt this loosely organised network, but also warn that dismantling such groups is complex, given their ability to recruit, their distributed structure, and evolving tactics.
