South African Airways (SAA) has confirmed a significant cyber incident disrupted its digital operations on Saturday, 3 May 2025.
The attack temporarily took down the airline’s website, mobile app, and some internal systems, according to a news report by MyBroadband.
Upon detecting the breach, SAA activated its disaster recovery and business continuity protocols. The airline said these measures quickly contained the incident and restored core operations the same day. Customer service channels, including contact centres and sales offices, remained functional throughout the event.
Management launched a formal investigation to assess the full extent and origin of the incident. Independent digital forensic specialists were engaged to determine whether external cybercriminals were involved.
As a designated National Key Point, SAA officially reported the incident to the State Security Agency and the South African Police Service. It also notified the Information Regulator as required under the Protection of Personal Information Act.
The airline is currently verifying whether any personal or operational data was accessed or exfiltrated. SAA assured that affected parties will be informed directly if any data breach is confirmed.
“In response to the cyber incident that began on May 3rd, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation,” said SAA Group CEO John Lamola. He added that SAA’s business continuity plans ensured minimal disruption to passengers and operational safety.
Lamola emphasized that the airline is taking all necessary steps to reinforce its cybersecurity infrastructure and prevent future incidents. He reiterated SAA’s commitment to safe, reliable, and resilient air transport services
About Author
