South African Airways hacked

South African Airways (SAA) has announced that it suffered a “significant cyber incident” that began on Saturday, 3 May 2025, disrupting access to the airline’s website and mobile application.

The breach also temporarily disrupted several internal operational systems, which SAA said prompted swift response measures to mitigate its effects.

SAA said it immediately activated its disaster management and business continuity protocols upon detecting the incident.

This helped to successfully contain the incident and minimise disruption to core flight operations, the airline stated.

Its rapid response also ensured the continued functionality of essential customer service channels, such as the airline’s contact centres and sales offices.

SAA said normal system functionality across all affected platforms was restored later the same day.

The airline said it recognised the potential implications of such an event, and its management quickly initiated an investigation.

SAA said credible, independent digital forensic investigators were conducting the investigation to determine the root cause and full scope of the incident.

This includes whether the disruption resulted from external cybercriminal activities.

SAA said it undertook all reasonable and lawful steps as a National Key Point, including formally reporting the incident to the State Security Agency and South African Police Service for criminal investigation.

It also notified the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act.

Regarding the potential impact on data, SAA said the preliminary investigation was still ongoing, and it was waiting for confirmation on whether any data was accessed or exfiltrated.

SAA assured that it would notify any affected parties directly, in accordance with regulatory requirements, should the investigation confirm a data breach.

“In response to the cyber incident that began on May 3rd, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation,” said SAA Group CEO John Lamola.

“Our robust business continuity measures ensured operational stability, particularly for our valued customers.”

Lamola said they were taking every necessary step to determine the root cause of this incident, strengthen SAA’s security framework, and mitigate any potential risks.

“SAA remains committed to delivering safe, reliable, and resilient service,” Lamola said.

South Africa under attack

SAA is the latest among dozens of companies and government agencies that have suffered data breaches and leaks since the start of 2025.

Mobile network operators Cell C and MTN were among those targeted by ransomware attacks in recent months. The attackers ultimately leaked the data stolen from Cell C online.

A ransomware gang also disrupted the South African Weather Services earlier this year, taking critical systems used by the aviation and marine industries offline.

At the start of the year, company tax and compliance service provider Govchain suffered a data breach. Soon thereafter, a data leak allowed a company called Edumarks to release students’ matric results early.

Also in January, a company called Claim Expert informed customers that it had suffered a leak, exposing the data of over 100,000 people.

Claim Expert provided Pick n Pay’s vehicle licence disc renewal service and the retailer’s customers who used the service were among those impacted.

In February, the Auditor-General flagged possible fraud at the Compensation Fund, which involved people’s user accounts allegedly being hacked to steal money from the fund.

South Africa’s largest real estate agency, Pam Golding, and the country’s largest chicken producer, Astral Foods, both reported data breaches in March.

Another ongoing matter from last year is the attack and defrauding of the South African Social Security Agency (Sassa).

Two independent security researchers, Joel Cedras and Veer Gosai, uncovered that fraudsters had stolen people’s identities and registered for the Social Relief of Distress (SRD) grant in their names.

Cedras and Gosai were first-year computer science students at Stellenbosch when they discovered, investigated, and reported the issue.