Scattered Spider members behind TfL hack get five years in prison
Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. The attack disrupted internal systems and online services, resulting in £29 million in losses and r…
Intelligence analysis by Llama

Two Scattered Spider members were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. The attack resulted in £29 million in losses and recovery costs.
Imagine someone hacking into a big computer system that controls London's transportation. They caused a lot of problems and made the city lose a lot of money. The people who did this were caught and sentenced to prison. This is an important reminder that hacking is a serious crime and that we need to work together to prevent it.
Analysis
A $60B Vote of Confidence
The sentencing of the Scattered Spider members is a significant victory for law enforcement and a testament to the importance of cooperation between organizations and authorities. The attack on Transport for London (TfL) in 2024 was a major disruption to the city's transportation systems, resulting in £29 million in losses and recovery costs. The attackers also stole customer data, including names, addresses, and contact details. The UK economy could have lost up to £56 billion had the threat actors succeeded in shutting down the transport network.
Why Cursor?
The Scattered Spider cybercrime collective has been identified as the most significant cybercrime threat to the UK in recent years. The group's activities have been linked to a wave of cyberattacks against major UK retailers, including Harrods, Marks & Spencer, and Co-op. The group's members have also been charged with conspiracy to commit computer fraud, money laundering, and wire fraud in connection with at least 120 network breaches between May 2022 and September 2025.
The Road Ahead
The sentencing of the Scattered Spider members is a significant step forward in the fight against cybercrime. However, it also highlights the need for continued vigilance and cooperation between organizations and authorities. The UK government has announced plans to increase funding for cybersecurity initiatives and to improve cooperation between law enforcement agencies. The private sector must also play a role in preventing and responding to cyberattacks. This includes implementing robust cybersecurity measures, engaging with law enforcement, and sharing information about potential threats.
Key points
- Two Scattered Spider members were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024.
- The attack resulted in £29 million in losses and recovery costs.
- The attackers also stole customer data, including names, addresses, and contact details.
- The UK economy could have lost up to £56 billion had the threat actors succeeded in shutting down the transport network.
- The Scattered Spider cybercrime collective has been identified as the most significant cybercrime threat to the UK in recent years.
The sentencing of the Scattered Spider members is a significant victory for law enforcement and a testament to the importance of cooperation between organizations and authorities. It also serves as a warning to other organizations to engage with law enforcement in similar circumstances. The UK government's plans to increase funding for cybersecurity initiatives and to improve cooperation between law enforcement agencies are a positive step forward.
The sentencing of the Scattered Spider members does not address the root causes of cybercrime. The group's activities have been linked to a wave of cyberattacks against major UK retailers, and the group's members have also been charged with conspiracy to commit computer fraud, money laundering, and wire fraud. The UK government's plans to increase funding for cybersecurity initiatives and to improve cooperation between law enforcement agencies may not be enough to prevent future cyberattacks.



