INC Ransom claims recent attack on South African Airways
The notorious INC ransom ransomware group said it breached the internal network of South African Airways and stole confidential data.
On May 6, in a press release, South Africa’s biggest airlines, South African Airways said that on May 3, it became a victim of a significant cyber incident in which unauthorised threat actors infiltrated its internal network. This caused major disruption to the airline’s website, mobile application, and several internal operational systems.
Immediately, an investigation was launched to determine the nature and scope of the incident.
“SAA activated its robust disaster management and business continuity protocols upon detection of the incident. These swift actions successfully contained the incident and minimised disruption to core flight operations.
“They also ensured the continued functionality of essential customer service channels, such as the airline’s contact centres and sales offices. Normal system functionality across all affected platforms was restored later the same day,” SAA said in its press release.
The airlines added that the incident was reported to the State Security Agency (SSA), South African Police Service (SAPS) for criminal investigation and the Information Regulator of South Africas a precautionary measure under the Protection of Personal Information Act (POPIA).
📢 Ransomware Alert:
— FalconFeeds.io (@FalconFeedsio) May 16, 2025
South African Airways (https://t.co/4NtYfs1qr7), the national carrier and largest airline of South Africa, has fallen victim to the INC RANSOM ransomware.
NB: The group intends to publish the data within one day.
🔍 Key Details:
🛡 Threat Actor: INC… pic.twitter.com/pRfsMuudGt
Recently, the INC Ransom ransomware group claimed responsibility for the cyber attack on SAA and listed it as a victim on its data leak site. A “part 1” of the stolen database was published on May 16 indicating a failed ransom negotiation and implying that additional data leaks may follow.
Assuring its customers, Prof. John Lamola, Group CEO of South African Airways, said, “I want to assure all stakeholders, including our partners, customers, and dedicated employees, that we are taking every necessary step to determine the root cause of this incident, strengthen our security framework, and mitigate any potential risks. SAA remains committed to delivering safe, reliable, and resilient service.”
Related Articles
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543