SAA hit by cyber attack

South African Airways (SAA) announced that it has been hit by a “significant cyber incident” that began on Saturday, 3 May 2025.

The breach temporarily disrupted access to the airline’s website, mobile application, and several internal operational systems, prompting response measures to mitigate its effects.

The airline said it is still investigating whether any data was breached and extraced by the incident. All necessary security and information authorities have been alerted.

When the incident took place, SAA said it immediately activated its disaster management and business continuity protocols upon detection.

This successfully contained the incident and minimised disruption to core flight operations, it said.

It also ensured the continued functionality of essential customer service channels, such as the airline’s contact centers and sales offices.

“Normal system functionality across all affected platforms was restored later the same day,” it added.

SAA said it has launched a full investigation into the incident with credible, independent digital forensic investigators to determine the root cause and full scope of the event.

It is also exploring the possibility that the disruption resulted from external cybercrime activities.

In line with regulatory requirements, the incident has been report to the State Security Agency (SSA) and South African Police Service (SAPS) for criminal investigation.

The Information Regulator of South Africa has been notified as a precautionary measure under the Protection of Personal Information Act (POPIA).

Regarding the potential impact on data, the preliminary investigation is currently assessing the full extent of the incident and actively working to determine if any data was accessed or exfiltrated.

“SAA is committed to notifying any affected parties directly, in accordance with regulatory requirements, should the investigation confirm a data breach,” it said.