South African Airways says cyberattack disrupted operational systems

South Africa’s state-owned airline said a cyberattack on Saturday temporarily disrupted its website and several internal operational systems.

South African Airways (SAA) said the attack also affected its mobile application but noted the IT team was able to contain the incident and “minimize disruption to core flight operations.”

“They also ensured the continued functionality of essential customer service channels, such as the airline's contact centers and sales offices,” the airline said in a statement published on Tuesday. “Normal system functionality across all affected platforms was restored later the same day.”

The airline did not respond to requests for comment about whether the incident involved ransomware. 

CEO John Lamola said they are currently investigating the incident to “determine the root cause” and are looking into the potential leak of sensitive information. 

The company reported the incident to the State Security Agency, the South African Police Service (SAPS) and the Information Regulator of South Africa “as a precautionary measure.”

SAA said it plans to notify anyone who may have had information stolen during the attack. The company reported more than $300 million in revenue last year and services flights to 16 locations. 

As of Wednesday afternoon, no hacking group had taken credit for the incident. 

South Africa continues to face an unprecedented assault on its major institutions by cybercriminal gangs.

In 2023, a ransomware gang leaked the personal phone number and email of the country’s president alongside a portion of the 1.6 terabytes of data stolen from the country’s defense department.

Since then, cybercriminals have caused havoc with incidents involving a state-owned bank, an energy giant, the government workers pension fund and the country’s national lab service. 

In the first four months of this year, threat actors have already breached South Africa’s government weather service, the largest chicken producer and one of the largest telecommunications companies. 

Last week, South African telecom MTN Group said it suffered a cyberattack that exposed the personal information of an unknown number of customers. The company is the largest provider in Africa. 

The string of attacks prompted South Africa’s government to enact a new law in April that forces all organizations to report cyberattacks to the country’s information regulator, an effort to facilitate the “monitoring of security incidents affecting personal information,” regulators said.