Cyber Incident Victim: South African Airways
Date: May 2025
Location: South Africa
Summary
SAA reported a significant cyber incident over the weekend that disabled several of its internal and customer‑facing digital systems, including the airline’s website. The breach affected multiple online services, disrupting normal operations and limiting access for both staff and passengers. SAA confirmed the incident as part of a broader trend of cyberattacks targeting government‑linked entities in the region.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 3, 2025, South African Airways experienced a significant cyber incident that the airline publicly confirmed. The airline stated that the breach disabled a number of its internal and customer‑facing digital systems. According to the confirmation, the SAA website and other systems were taken offline as a result of the attack. The incident was disclosed in a BusinessLIVE article published on May 6, 2025, at 13:31. The article noted that SAA described the event as a significant cyber incident occurring over the weekend.

The disruption affected both internal operations and services accessible to passengers, though the article does not specify which particular functions were impaired. SAA indicated that the outage impacted multiple digital systems without detailing the extent of data compromise or service restoration timelines. The airline positioned itself as the latest in a series of government‑linked entities that have suffered similar breaches. No further technical details about the attack vector, threat actors, or mitigation steps were provided in the source material. The narrative is limited to the confirmed facts of the incident’s occurrence, its immediate effects on SAA’s digital infrastructure, and the airline’s public acknowledgment.
