Cybersecurity incident confirmed by SAA; probe initiated
South African Airways (SAA) Reels from Cyber Attack
In an unfortunate turn of events, SAA, the national carrier, faced a significant cyber attack over the weekend, leading to disruptions of digital and operational systems, including the website, mobile app, and internal platforms.
Reacting swiftly to the breach, the airline hastily activated its disaster management and business continuity protocols, minimizing operational disruptions. Amidst the chaos, core services like flight operations, customer contact centers, and sales offices continued without a hitch throughout the incident.
The quick response and robust business continuity measures put in place ensured operational stability, especially for valued customers. By the end of the day, normal system functionality was restored.
Considering the gravity of the breach, SAA has teamed up with independent digital forensic experts to carry out a comprehensive investigation. The aim is to uncover the root cause and full extent of the intrusion, including whether any customer data was compromised or exfiltrated.
With a strong commitment to adhering to its responsibilities as a National Key Point, SAA reported the incident to the State Security Agency (SSA) and the South African Police Service (SAPS). Additionally, as a precautionary measure, it informed the Information Regulator under the Protection of Personal Information Act (POPIA).
John Lamola, SAA Group CEO, assured the public that the security of customer data and the integrity of its business systems are of utmost importance. He expressed that the airline has acted swiftly to contain the disruption, restore services, and initiate a thorough investigation.
"Our robust business continuity measures ensured operational stability, particularly for our valued customers," he said. Lamola reaffirmed the airline's dedication to transparency and diligence, emphasizing ongoing cooperation with law enforcement and cyber forensic teams.
The breach represents one of the most notable cyber events to impact a South African state-owned enterprise in 2025, occurring at a time when national infrastructure and critical services are facing escalating cybersecurity threats.
Crucial Details to Know
- Date of Cyber Attack: The attack occurred on Saturday, May 3, 2025.
- Impact: The attack caused a temporary disruption of SAA's website, mobile application, and several internal operational systems, but core flight operations and essential customer service channels remained unscathed.
- Preliminary Findings: Preliminary investigation findings suggest that the disruption might have been the work of external cybercriminal activity.
- Investigation: The airline has launched a full-scale investigation with digital forensic experts to determine the root cause and assess the full extent of the breach.
- Data Impact: At the moment, there is no confirmed data loss, and the investigation is ongoing to evaluate if any sensitive information was accessed or stolen during the incident.
- Legal and Regulatory Involvement: The incident was reported to the SSA, SAPS, and the Information Regulator as a precautionary measure.
As the investigation continues, SAA will keep the public updated on its progress and any potential data compromise. The airline has vowed to take every necessary step to determine the root cause of the incident, strengthen its security framework, and mitigate any potential risks.
The cyber attack that affected South African Airways (SAA) over the weekend was a significant incident involving technology and general-news, as it disrupted digital and operational systems, including the website, mobile app, and internal platforms. In light of the breach, SAA has partnered with digital forensic experts to investigate the crime-and-justice implications, aiming to uncover the root cause and extent of the intrusion, including whether any customer data was compromised or exfiltrated.
