South African Airways (SAA) has reported a cyber incident that began on Saturday, 3 May 2025, causing temporary disruptions to its website, mobile app, and internal systems.
The airline activated its disaster management and business continuity protocols to minimise disruption, ensuring continued customer service via contact centres and sales offices. Normal system functionality was restored the same day.
SAA has enlisted independent digital forensic investigators to determine the cause and scope of the breach, which may involve external cybercriminal activities. The airline has also reported the incident to the State Security Agency (SSA), the South African Police Service (SAPS), and the Information Regulator under the Protection of Personal Information Act (POPIA).
An investigation is ongoing to determine if any data was accessed or exfiltrated. SAA will notify affected parties directly if a data breach is confirmed.
Professor John Lamola, Group CEO of South African Airways, says: "The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority. In response to the cyber incident that began on 3 May, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation. Our robust business continuity measures ensured operational stability, particularly for our valued customers.
"I want to assure all stakeholders, including our partners, customers, and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks. SAA remains committed to delivering safe, reliable, and resilient service."
