A Cyber Attack Briefly Disrupted South African Airways Operations

South African Airways, the national flag carrier of South Africa, has been hit by a significant cyber attack that briefly disrupted its website, app, and systems. However, core flight operations remained unaffected thanks to swift response measures from the airline's IT team.

The Incident

On Saturday, May 3rd, 2025, South African Airways announced that it had been impacted by a significant cyber incident. The breach temporarily disrupted access to the airline's website, mobile application, and several internal operational systems. To mitigate its effects, SAA activated disaster and continuity protocols immediately.

The company reported the incident to national authorities, including the State Security Agency (SSA), South African Police Service (SAPS), and notified the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act (POPIA). The security breach was contained by the IT team, allowing SAA to resume all impacted systems the same day.

Investigation Underway

South African Airways is investigating the incident with the help of independent digital forensic experts to determine the root cause and full scope of the security breach. The company remains committed to delivering safe, reliable, and resilient service to its valued customers, partners, and employees.

Business Continuity Measures

"The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority," said Prof. John Lamola, Group CEO of South African Airways. "In response to the cyber incident that began on May 3rd, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation."

Robust business continuity measures ensured operational stability, particularly for our valued customers. We are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks."

Cybersecurity Concerns in South Africa

In April 2025, the South African multinational telecommunications company MTN Group Limited disclosed a data breach that exposed subscribers' personal information. The incident did not impact the core network, billing systems, and financial services infrastructure.

Cell C, the fourth-largest mobile network operator in South Africa, confirmed a data breach following a RansomHouse cyberattack that occurred last year. The ransomware group has since leaked the stolen data on its dark web leak site. The gang claimed the theft of 2 TB of data, compromising personal information including full names, contact details, ID numbers, banking information, driver's license numbers, medical records, and passport details.

In March 2025, Astral Foods, South Africa's largest poultry producer, lost over $1M due to a cyberattack disrupting deliveries and impacting operations. These incidents highlight the growing concern of cybersecurity threats in South Africa.

Conclusion

South African Airways' swift response measures have minimized disruption to core flight operations. The airline is committed to strengthening its security framework and mitigating any potential risks. As cybersecurity threats continue to rise globally, it is essential for organizations like SAA to prioritize the protection of consumer data and maintain robust business continuity measures.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon (SecurityAffairs – hacking, South African Airways)