Cybersecurity breach acknowledged by SAA; investigation initiated.
Hack Attack on South African Airways in 2025
Brief Insight on the Cyber Incident
The South African Airways (SAA) suffered a significant cyber attack on the weekend, causing disruptions to their digital and operational systems, such as the website, mobile app, and internal platforms. But SAA quickly jumped into crisis mode, activating disaster management and business continuity protocols to keep any operational interruptions minimal[1][3].
Keeping Calm and Carrying On
Despite the digital disruption, the airline managed to keep core services running smoothly, like the customer contact centers, sales offices, and even its flight operations[1][3]. The airline's quick response restored normal system functionality later in the day[1][3], showcasing their impressive crisis management capabilities.
To the Source of the Issue
SAA has launched a thorough investigation in collaboration with experienced digital forensic analysts to identify the root cause and the full extent of the breach. Key concerns surround the possible compromise or exfiltration of customer data[1][3]. As a National Key Point, the airline has formally reported the incident to the State Security Agency (SSA) and the South African Police Service (SAPS), and they've also notified the Information Regulator as a precaution[3].
The Leader Speaks
SAA Group CEO, John Lamola, has assured the public that their primary concern is the security of customer data and the integrity of its business systems[1][3]. "We're working hard to contain the disruption, restore services, and examine every aspect of this breach," said Lamola[1]. He reiterated the airline's commitment to transparency, emphasizing collaboration with law enforcement and cyber forensic teams[1].
Lamola indicated that anyone affected by the data compromise would be notified directly once the investigation's findings are revealed[1]. He also emphasized the airline's dedication to beefing up security measures and reducing potential risks[1].
Setting the Tone for Security
This cyber incident is one of the most significant to hit a South African state-owned enterprise in 2025, and it comes amid escalating cybersecurity threats targeting national infrastructure and critical services[1]. The event serves as a stark reminder of the need for robust security measures across various industries.
- John Lamola, SAA Group CEO, is emphasizing the airline's commitment to strengthening cybersecurity measures in the wake of the breach, acknowledging the growing cybersecurity threats targeting national infrastructure and critical services in 2025.
- Emphasizing transparency, Lamola also assured that anyone affected by the data compromise will be notified directly once the investigation's findings are revealed, signifying the airline's dedication to restoring customer trust.
- To ensure the stability of the airline's operations and customer data, SAA is collaborating with digital forensic analysts, the State Security Agency (SSA), the South African Police Service (SAPS), and the Information Regulator, confirming a focused approach to addressing the breach and minimizing potential future threats.
