South African Airways (SAA) faced a cyberattack that disrupted its website, mobile app, and internal systems starting on 3 May. The airline confirmed the attack lasted for several days, affecting customer access to its services. SAA quickly activated its disaster management protocols to contain the incident and minimize disruptions to flight operations. The airline ensured that customer service channels, such as contact centers and sales offices, remained functional during the outage.
The airline did not disclose specifics of the cyberattack, leaving its exact nature unclear, including whether it was ransomware-related. South Africa has seen a rise in ransomware attacks targeting both public and private sectors in recent years. During the outage, SAA relied heavily on its call center to manage customer bookings and inquiries. The airline assured that normal operations have now been restored across all service channels.
SAA launched a forensic investigation into the incident to determine its root cause and identify any potential data compromises. As a national key point, the airline also filed statutory reports to the State Security Agency, police, and Information Regulator. The full impact on personal information of clients and employees is still being assessed, and affected individuals will be contacted directly.
SAA emphasized that protecting consumer data and securing its business systems remains a top priority. The airline has vowed to strengthen its security framework and take steps to mitigate future risks. SAA’s CEO, John Lamola, reassured customers that the airline is focused on restoring security and maintaining the integrity of its systems.
Reference:
