A preliminary report issued by the South African Airways (SAA) states its core business management information systems were not affected by the cyber attack it recently suffered.
This, after the flagship carrier of South Africa revealed it was impacted by a significant cyber incident that began on Saturday, 3 May.
According to SAA, the breach temporarily disrupted access to the airline’s IT systems, prompting swift response measures to mitigate its effects.
Providing an update on the cyber incident yesterday, SAA said a preliminary report indicates the cyber incident primarily targeted the airline’s website, mobile application and certain internal communication systems.
According to the airline, its core business management information systems were not affected by the attack.
“While the attack caused temporary disruptions to our website, flight operations − including scheduling, distribution, reservation, online and airport check-in, bag drop, baggage tracking and boarding systems − remained stable and functional throughout the incident,” it says.
“Additionally, there was no impact on our Voyager loyalty programme system, allowing members to continue earning and redeeming miles as usual.”
It adds that an expert digital forensic investigation is under way to determine the incident’s full scope, root cause, and if any personal data, such as passport, ID and credit card information, was accessed or exfiltrated.
SAA notes that there is presently no evidence its customer data or financial management systems were compromised.
“Should any evidence of data compromise be found, we will promptly notify affected individuals and corporations directly, in line with regulatory obligations.”
As reported before, it adds, SAA infrastructure is classified as a National Key Point, so the State Security Agency is also involved in the investigation and an advisory on future mitigatory interventions.
“SAA remains committed to the security and integrity of our business information systems and the protection of customer data. We have activated a project to further strengthen our cyber security defences and to mitigate possible future incidents.
“We appreciate the continued understanding of our valued customers and partners as we recover from this incident.”
Cyber security firm Check Point Software Technologies says the SAA cyber attack highlights the vulnerability of SA’s government and para-governmental institutions.
It adds that according to a recent Check Point Threat Intelligence Report, SA’s government and military institutions currently face the highest number of cyber attacks at 3 480 attacks per organisation per week.
This is followed by the communications sector, which faces an average of 1 062 attacks per organisation per week.
“Government and military organisations continue to take the brunt of cyber criminal activities,” says Lorna Hardie, regional director for Africa at Check Point.
“This is in part due to the critical skills shortages impacting government institutions, as well as the need for a co-ordinated and determined effort to secure key systems within the public sector. The growing reliance on digital infrastructure too, coupled with its public-facing nature, makes critical infrastructure prime targets for cyber criminals looking to exploit vulnerabilities,” she adds.
Check Point Software’s Q1 2025 Global Cyber Attack Report reveals an almost 50% surge in cyber threats worldwide, with Africa being the most targeted region.
Government institutions globally, with 2 678 attacks per organisation per week, saw a 51% increase in cyber attacks over the same period as last year. Ransomware attacks rose by 126% during the same period, says Check Point.
It adds that SA, with a comparatively modest number of attacks of 1 884 per organisation per week, had the most dramatic rise in attacks, with a year-on-year (YOY) increase of 69%.
According to the company, Nigerian organisations experience an average of 4 388 attacks per week (47% increase YOY), while Angolan organisations are attacked at an average of 4 727 (32% rise YOY). Kenyan organisations are attacked 4 004 times per week on average (+14% YOY).
“The continued rise in cyber attacks underscores the need for more robust security measures. Organisations must prioritise strengthening their cyber security postures, including deploying advanced threat detection systems, training staff on cyber security best practices and ensuring rapid incident response capabilities,” Hardie says.
Share