South African Airways reports ‘significant cyber incident’

South African Airways (SAA) has been impacted by a “significant cyber incident” that began on Saturday, 3 May 2025. The breach temporarily disrupted access to the airline’s website, mobile application, and several internal operational systems, prompting swift response measures to mitigate its effects.

“SAA immediately activated its robust disaster management and business continuity protocols upon detection of the incident,” the airline said in a statement. “These swift actions successfully contained the incident and minimized disruption to core flight operations. They also ensured the continued functionality of essential customer service channels, such as the airline’s contact centers and sales offices. Normal system functionality across all affected platforms was restored later the same day.”

SAA management has initiated an investigation conducted by independent digital forensic investigators to determine the root cause and full scope of the incident and explore the possibility that the disruption resulted from external cybercrime activities.

The incident has been formally reported to the State Security Agency, South African Police Service for criminal investigation and notifying the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act.

“Regarding the potential impact on data, the preliminary investigation is currently assessing the full extent of the incident and actively working to determine if any data was accessed or exfiltrated.” SAA said, adding that it will notify any affected parties directly, in accordance with regulatory requirements, should the investigation confirm a data breach.

Read more at South African Airways