SAA has confirmed that it experienced a significant cyber incident which disrupted several of its digital and operational systems.
SAA has confirmed that it experienced a significant cyber incident which disrupted several of its digital and operational systems. Image: Alan Wilson / flickr

Home » SAA acknowledges significant cybersecurity breach, begins investigation

SAA acknowledges significant cybersecurity breach, begins investigation

SAA has confirmed that a major cyber incident disrupted multiple digital and operational systems.

By Garrin Lambley
07-05-25 09:14
in Featured
SAA has confirmed that it experienced a significant cyber incident which disrupted several of its digital and operational systems.
SAA has confirmed that it experienced a significant cyber incident which disrupted several of its digital and operational systems. Image: Alan Wilson / flickr

South African Airways (SAA) confirmed a significant cyber attack over the weekend that disrupted multiple digital and operational systems, including its website, mobile app, and internal platforms.

The national carrier acted quickly to contain the breach by activating its disaster management and business continuity protocols, minimizing any operational disruptions.

Despite the attack, core services such as flight operations, customer contact centers, and sales offices ran smoothly throughout the incident.

Response capabilities

Normal system functionality was restored later the same day, underscoring the airline’s crisis response capabilities.

Recognising the seriousness of the breach, SAA has launched a full-scale investigation in collaboration with independent digital forensic experts.

The goal is to determine the root cause and full extent of the intrusion, including whether any customer data was compromised or exfiltrated during the breach.

In line with its obligations as a National Key Point, the airline has formally reported the incident to the State Security Agency (SSA) and the South African Police Service (SAPS).

It has also notified the Information Regulator under the Protection of Personal Information Act (POPIA) as a precautionary measure.

SAA Group CEO John Lamola assured the public that the security of customer data and the integrity of its business systems are of paramount importance.

“This incident has prompted us to act swiftly to contain the disruption, restore services, and initiate a comprehensive investigation,” Lamola said.

“Our robust business continuity measures ensured operational stability, particularly for our valued customers.”

Lamola reaffirmed the airline’s commitment to transparency and diligence, emphasising ongoing cooperation with law enforcement and cyber forensic teams.

He noted that SAA will notify affected individuals directly if the investigation uncovers any data compromise.

“We are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks,” he added.

The breach marks one of the most notable cyber events to affect a South African state-owned enterprise in 2025, and comes at a time when national infrastructure and critical services face mounting cybersecurity threats.

Tags: DMumani featured Important SAA South Africa