The breach prompted swift response measures, says South African Airways.
South African Airways (SAA) has become the latest organisation to fall victim to a cyber attack.
In a statement released today, the flagship carrier of South Africa says it has been impacted by a significant cyber incident that began on Saturday, 3 May.
According to SAA, the breach temporarily disrupted access to the airline’s website, mobile application and several internal operational systems, prompting swift response measures to mitigate its effects.
On Saturday, the airline took to social media to say: “SAA regrets to inform customers that we are experiencing an intermittent technical system outage affecting the SAA website and mobile app. Our teams are working on resolving the issue as soon as possible. We apologise for any inconvenience this may cause and will provide updates accordingly.”
The SAA cyber attack comes as South African organisations are increasingly targeted by cyber criminals.
Mobile operators Cell C and MTN are some of the latest victims to be hit by cyber attacks.
South Africa is the most targeted country in Africa, when it comes to infostealer and ransomware attacks, according to global cyber security company ESET’s bi-annual Threat Report. Data and expert insight collected between June and November 2024 revealed that over 40% of ransomware attacks and just under 35% of infostealer incidents on the continent occurred in South Africa.
SAA adds that, upon detection of the incident, it immediately activated its “robust” disaster management and business continuity protocols.
It notes these swift actions successfully contained the incident and minimised disruption to core flight operations.
According to the firm, the actions also ensured the continued functionality of essential customer service channels, such as the airline’s contact centres and sales offices. Normal system functionality across all affected platforms was restored later the same day, it adds.
The airline states that, recognising the potential implications of such an event, its management swiftly initiated an investigation conducted by credible, independent digital forensic investigators to determine the root cause and full scope of the incident and explore the possibility that the disruption resulted from external cyber crime activities.
“In line with its commitment to regulatory compliance and transparency, SAA has undertaken all reasonable and lawful steps as a National Key Point, including formally reporting the incident to the State Security Agency, South African Police Service for criminal investigation and notifying the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act,” SAA adds.
Regarding the potential impact on data, it says, the preliminary investigation is currently assessing the full extent of the incident and actively working to determine if any data was accessed or exfiltrated.
SAA says it is committed to notifying any affected parties directly, in accordance with regulatory requirements, should the investigation confirm a data breach.
“The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority,” says professor John Lamola, group CEO, SAA.
“In response to the cyber incident that began on 3 May, we acted swiftly to contain the disruption, restore services and initiate a comprehensive investigation. Our robust business continuity measures ensured operational stability, particularly for our valued customers.
“I want to assure all stakeholders, including our partners, customers and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework and mitigate any potential risks. SAA remains committed to delivering safe, reliable and resilient service.”
