South African Airways (SAA) confirmed a significant cyber incident on Tuesday, which began on May 3, temporarily disrupting its website, mobile app, and internal systems. The airline quickly activated its disaster management protocols to minimize disruption and restore services the same day.
In a media statement, SAA said, “These swift actions successfully contained the incident and minimized disruption to core flight operations. They also ensured the continued functionality of essential customer service channels, such as contact centers and sales offices.”
An investigation by independent digital forensic experts is underway to determine the cause and scope of the incident, including whether it was the result of external cybercrime. SAA is also assessing whether any customer data was accessed or exfiltrated and will notify affected parties if a breach is confirmed.
John Lamola, Group CEO of SAA, emphasized the airline’s commitment to data security, stating, “The protection of consumer data remains our highest priority. We acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation.”
SAA is cooperating with law enforcement and regulators, including the State Security Agency (SSA) and the South African Police Service (SAPS), as part of its compliance with the Protection of Personal Information Act (POPIA).
This incident follows a similar cyberattack on telecommunications company MTN Group, which also disclosed a breach impacting customer data last month.
Earlier this year, cyberattacks affected South Africa’s government weather service, a major chicken producer, and a large telecom company. Additionally, medical tech firm Masimo Corporation recently reported unauthorized activity on its network, prompting an investigation.
