South African Airways on Tuesday said its systems have recovered following a “significant cyber incident” that began on 3 May and disrupted access to the airline’s website, mobile app and “several internal systems”.
“SAA immediately activated its robust disaster management and business continuity protocols upon detection of the incident,” the airline said in a statement.
“These swift actions successfully contained the incident and minimised disruption to core flight operations. They also ensured the continued functionality of essential customer service channels, such as the airline’s contact centres and sales offices.”
SAA relied on its call centre to manage customer engagements such as bookings during the outage and confirmed that normal functionality across all channels has been restored. Details on the attack were not disclosed, and so it’s not known if the incident was ransomware related. Ransomware has become a plague in South Africa, with a large number of public and private sector organisations being impacted in the last year.
SAA said it has initiated a forensic investigation into the incident. Since SAA is a national key point, statutory reports to the State Security Agency, the police and the Information Regulator have also been submitted, it said.
The full extent of the impact of the attack on the personal information of SAA clients and employees is yet to be determined, but the airline said any affected parties will be contacted with details directly.
Read: Cell C warns of fraud risk after threat actor publishes stolen data
“The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority. We are taking every necessary step to determine the root cause of this incident, strengthen our security framework and mitigate any potential risks,” said SAA group CEO John Lamola. – © 2025 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.
Don’t miss:
MTN attackers made demand for payment