South African Airways (SAA) announced that it has been impacted by a significant cyber incident that began on Saturday, temporarily disrupting access to the airline’s website, mobile application, and several internal operational systems, prompting swift response measures to mitigate its effects. The airline immediately activated its robust disaster management and business continuity protocols upon detection of the incident.
“These swift actions successfully contained the incident and minimised disruption to core flight operations,” SAA said in a Tuesday media statement. “They also ensured the continued functionality of essential customer service channels, such as the airline’s contact centers and sales offices. Normal system functionality across all affected platforms was restored later the same day.”
Recognising the potential implications of such an event, SAA management swiftly initiated an investigation conducted by credible, independent digital forensic investigators to determine the root cause and full scope of the incident and explore the possibility that the disruption resulted from external cybercrime activities.
Regarding the potential impact on data, the preliminary investigation is currently assessing the full extent of the incident and actively working to determine if any data was accessed or exfiltrated. SAA is committed to notifying any affected parties directly, under regulatory requirements, should the investigation confirm a data breach.
“The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority. In response to the cyber incident that began on May 3rd, we acted swiftly to contain the disruption, restore services, and initiate a comprehensive investigation,” John Lamola, Group CEO of South African Airways, assured in the statement. “Our robust business continuity measures ensured operational stability, particularly for our valued customers. I want to assure all stakeholders, including our partners, customers, and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks. SAA remains committed to delivering safe, reliable, and resilient service.”
SAA continues to work closely with law enforcement and investigators, reaffirming its unwavering dedication to operational excellence and the integrity of its systems.
The statement noted that in line with its commitment to regulatory compliance and transparency, SAA has undertaken reasonable and lawful steps as a National Key Point, including formally reporting the incident to the State Security Agency (SSA), South African Police Service (SAPS) for criminal investigation and notifying the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act (POPIA).
About a fortnight back, South African telecommunications company MTN Group said that it suffered a cyberattack that exposed the personal information of an unknown number of customers.
The Johannesburg-based firm informed “stakeholders that it has experienced a cybersecurity incident that resulted in unauthorised access to personal information of some MTN customers in certain markets. Our core network, billing systems, and financial services infrastructure remains secure and fully operational. An unknown third party has claimed to have accessed data linked to parts of our systems. At this stage, we do not have any information to suggest that customers’ accounts and wallets have been directly compromised.”
During the first four months of this year, hackers have already breached South Africa’s government weather service, the largest chicken producer, and one of the largest telecommunications companies.
Medical technology firm Masimo Corporation revealed that it detected unauthorized activity this week on its on-premise network, impacting its manufacturing operations. The breach, identified on April 27, triggered the activation of the company’s incident response procedures, which included isolating affected systems and launching an investigation in collaboration with external cybersecurity experts.
