South African Airways (SAA) announced that it has been impacted by a significant cyber incident which began on Saturday, 3 May 2025. The breach temporarily disrupted access to the airline’s website, mobile application, and several internal operational systems, prompting swift response measures to mitigate its effects.
SAA immediately activated its robust disaster management and business continuity protocols upon detection of the incident. These rapid actions successfully contained the incident and minimised disruption to core flight operations. They also ensured the continued functionality of essential customer service channels, such as the airline’s contact centres and sales offices. Normal system functionality across all affected platforms was restored later the same day.
Recognising the potential implications of such an event, SAA management swiftly initiated an investigation, conducted by credible, independent digital forensic investigators, to determine the root cause and full scope of the incident and explore the possibility that the disruption resulted from external cybercrime activities.
In line with its commitment to regulatory compliance and transparency, SAA has undertaken all reasonable and lawful steps as a National Key Point. This includes formally reporting the incident to the State Security Agency (SSA), the South African Police Service (SAPS) for criminal investigation, and notifying the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act (POPIA).
Regarding the potential impact on data, the preliminary investigation is currently assessing the full extent of the incident and actively working to determine whether any data was accessed or exfiltrated. SAA is committed to notifying any affected parties directly, in accordance with regulatory requirements, should the investigation confirm a data breach.
Prof. John Lamola, Group CEO of South African Airways, provided the following assurance:
“The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority. In response to the cyber incident that began on 3 May, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation. Our robust business continuity measures ensured operational stability, particularly for our valued customers. I want to assure all stakeholders, including our partners, customers, and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks. SAA remains committed to delivering safe, reliable, and resilient service.”
SAA continues to work closely with law enforcement and investigators, reaffirming its unwavering dedication to operational excellence and the integrity of its systems.
