South African Airways Recovers from Major Cyber Incident

South African Airways (SAA) has restored its systems after a significant cyber incident that disrupted operations starting 3 May. The attack affected the airline’s website, mobile app, and several internal systems.

In an official statement on Tuesday, SAA said it activated its disaster management and business continuity plans immediately after detecting the incident. This quick response helped contain the issue and limited its impact on flight operations. Key customer service functions, including call centres and sales offices, remained operational during the outage.

During the disruption, SAA relied on its call centre to handle bookings and other customer services. The airline confirmed that all services have now returned to normal.

Details of the cyberattack have not been disclosed, and it is unclear whether it involved ransomware. In recent months, ransomware attacks have severely impacted both public and private organisations across South Africa.

SAA has launched a forensic investigation to determine the cause of the attack. As a national key point, the airline has reported the incident to the State Security Agency, the South African Police Service, and the Information Regulator.

The airline said it is still assessing the impact on personal data. Affected customers and employees will be informed directly if their information was compromised.

“The security of our systems and the protection of customer data remain our top priority,” said SAA Group CEO John Lamola. “We are taking all necessary steps to investigate the incident, enhance our cybersecurity measures, and prevent future threats.”

Investigations are ongoing.