South African Airways (SAA) confirmed a significant cyber incident on May 3, 2025, which temporarily disrupted its website, mobile app, and some internal systems. However,
the airline was able to restore normal operations by the end of the same day, thanks to swift response measures.
Upon discovering the breach, SAA activated its disaster management and business continuity protocols to ensure core flight operations and key customer service platforms, such as contact centers and sales offices, continued functioning. Group CEO Prof. John Lamola emphasized that the security and protection of customer data are top priorities, and the airline is actively working to assess the impact and reinforce its cybersecurity.
Following the incident, independent digital forensic investigators were brought in to determine the cause and extent of the breach. Early signs suggest external cybercriminal involvement. Due to SAA's designation as a National Key Point, the incident was reported to the South African State Security Agency (SSA) and the South African Police Service (SAPS), triggering a criminal investigation.
SAA is also complying with the Protection of Personal Information Act (POPIA) by notifying the Information Regulator of South Africa. The airline is focusing on whether any sensitive data was compromised, though there has been no confirmation of data theft. It urges customers to remain vigilant and report any suspicious activity.
SAA continues to collaborate with investigators and government authorities to understand the full scope of the attack. The airline is committed to enhancing its cybersecurity protocols and infrastructure, learning from this incident to prevent future attacks.
This breach adds to a growing trend of cyber incidents in South Africa, with notable attacks on sectors like healthcare, telecommunications, and government. Recent high-profile breaches include attacks on Astral Foods, the National Health Laboratory Service, and government institutions, as well as ransomware attacks by groups like LockBit.
In response to the increasing cyber threats, the South African government introduced new regulations in April 2025, mandating that all cyberattacks be reported to the country's Information Regulator. This law aims to improve national cybersecurity and ensure faster, coordinated responses to incidents involving sensitive data.
SAA is continuing its investigation and focusing on securing its systems while maintaining customer trust. Customers are advised to monitor their accounts for suspicious activity and remain cautious of phishing scams.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
