SAA says it was impacted on May 3 by a cyber-breach that temporarily disrupted access to the airline’s website, mobile app and several internal operational systems.
In a statement, SAA explained that it activated its disaster management and business continuity protocols upon detection of the breach, to minimise disruption to its core flight operations. It had been reported to the State Security Agency and SAPS and SAA notified the Information Regulator of South Africa as a precautionary measure under the Protection of Personal Information Act (POPI).
The carrier says an investigation is under way, conducted by credible, independent digital forensic investigators to determine the root cause and full scope of the incident and explore the possibility that the disruption resulted from external cybercrime activities.
The preliminary investigation is currently assessing the full extent of the incident to determine if any data was accessed or exfiltrated.
SAA has committed to notifying any affected parties directly, in accordance with regulatory requirements, should the investigation confirm a data breach.
"The security and integrity of our business systems and the protection of the consumer data entrusted to us remain our highest priority,” said Professor John Lamola, Group CEO of SAA.
“I want to assure all stakeholders, including our partners, customers, and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks. SAA remains committed to delivering safe, reliable, and resilient service."