Scattered Spider attacked Transport for London on 31 August 2024, ultimately exposing data of approximately 10 million customers — one of the largest breaches in British history. Stolen data included names, email addresses, phone numbers, and home addresses. Two UK teenagers, Thalha Jubair (19) and Owen Flowers (18), were arrested by the NCA and charged. The breach caused an estimated £39 million in damages and was not fully disclosed publicly until early 2026, 18 months after the incident.