Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Scattered Spider members behind TfL hack get five years in prison

0
Medium
Vulnerability
Published: 07/16/2026 (07/16/2026, 12:31:29 UTC)
Source: Bleeping Computer

Description

Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. [...]

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 12:32:48 UTC

Technical Analysis

In 2024, the Scattered Spider cybercrime collective successfully breached Transport for London's network, causing significant disruption to internal systems and public services such as Dial-a-Ride, concessionary travel cards, digital payments, and contactless ticketing rollout. The attack rendered 148 systems inoperable and forced all 27,000 TfL employees to reset passwords in person. Customer data including names, addresses, and contact details were stolen. The financial impact on TfL was £29 million in losses and recovery costs, with officials estimating a potential £56 billion loss to the UK economy had the transport network been fully shut down. Two leading members of Scattered Spider were arrested and sentenced to five years and six months in prison after pleading guilty under the Computer Misuse Act. Law enforcement highlighted TfL's early cooperation as critical to the successful prosecution. The group was also implicated in numerous other cyberattacks and extortion campaigns targeting critical infrastructure and major organizations in the UK and US.

Potential Impact

The attack caused widespread disruption to TfL's internal systems and public-facing services, including critical transportation and payment systems. It resulted in significant financial losses (£29 million) and operational impact, including the inoperability of 148 systems and mandatory password resets for all employees. Sensitive customer data was stolen, raising privacy and data protection concerns. The broader potential economic impact was estimated at up to £56 billion if the transport network had been fully disabled. The incident also led to law enforcement action and convictions against key threat actors, disrupting the cybercrime group’s activities.

Mitigation Recommendations

No specific patch or remediation is indicated for this incident as it relates to a criminal intrusion rather than a disclosed software vulnerability. The vendor (TfL) cooperated early with law enforcement, which was credited as critical to the successful prosecution of the attackers. Organizations are encouraged to engage promptly with law enforcement if similarly targeted. General cybersecurity best practices and incident response readiness remain important but are not detailed in this report.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Threat ID: 6a58cf6468715ace43057500

Added to database: 07/16/2026, 12:32:36 UTC

Last enriched: 07/16/2026, 12:32:48 UTC

Last updated: 07/17/2026, 01:15:39 UTC

Views: 11

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses