Pierluigi Paganini
May 09, 2025
South African Airways (SAA) is the national flag carrier of South Africa, the airline is wholly owned by the South African government and has subsidiaries including SAA Technical and Air Chefs.
A cyberattack hit South African Airways, briefly disrupting its website, app, and systems. The IT team contained the incident and “minimized disruption to core flight operations.”
“6 May 2025 – South African Airways (SAA) announced today that it has been impacted by a significant cyber incident that began on Saturday, 3 May 2025. The breach temporarily disrupted access to the airline’s website, mobile application, and several internal operational systems, prompting swift response measures to mitigate its effects.” reads the press release published by the company on its website.
SAA activated disaster and continuity protocols immediately, it was able to resume all the impacted systems the same day.
SAA is investigating the incident with the help of independent digital forensic experts to determine the root cause and full scope of the security breach. The company reported the incident to national authorities, including the State Security Agency (SSA), South African Police Service (SAPS) for criminal investigation and notified the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act (POPIA).
The company did not share technical details about the cyber attack.
“The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority. In response to the cyber incident that began on May 3rd, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation. Our robust business continuity measures ensured operational stability, particularly for our valued customers.” said Prof. John Lamola, Group CEO of South African Airways. “I want to assure all stakeholders, including our partners, customers, and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks. SAA remains committed to delivering safe, reliable, and resilient service.”
In April 2025, the South African multinational telecommunications company MTN Group Limited disclosed a data breach that exposed subscribers’ personal information, it added that the incident did not impact the core network, billing systems and financial services infrastructure.
In April, Cell C is the fourth-largest mobile network operator in South Africa, confirmed a data breach following a RansomHouse cyberattack that occurred last year. The ransomware group has since leaked the stolen data on its dark web leak site. The gang claimed the theft of 2 TB of data. Compromised data includes full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details.
In March 2025, Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack disrupting deliveries and impacting operations.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, South African Airways)
