South Africa airways recovers from cyberattack that disrupted website and internal systems; swift response ensures flight operations remain unaffected
South African Airways (SAA) experienced a significant cyberattack on May 3, 2025, which temporarily disrupted access to its website, mobile application, and several internal operational systems.
The airline followed its business continuity and disaster management procedures to respond to the incident while operating essential flight operations.
SAA maintained vital customer service platforms through contact centers and sales offices to manage bookings and inquiries during the outage period.
The airline reported full platform functionality restoration across all platforms after the incident ended the same day.
A third-party forensic team investigates both what triggered the attack and its complete impact on the system.
SAA operates as a National Key Point which requires it to report the incident to the State Security Agency alongside the South African Police Service and Information Regulator under the Protection of Personal Information Act (POPIA).
South Africa faces an escalating cyber threat demonstrated by recent research showing it stands as the most targeted nation in Africa for ransomware and infostealer attacks.
