Passenger data exposed during FlySafair’s R12 ticket rush

Posted on 6 May 2026 By Miriam Kimvangu

South Africa’s much-anticipated R12 flight sale took off with the usual rush of bargain hunters. But in the aftermath, serious questions are being asked about passenger data security.

Low-cost carrier FlySafair is under scrutiny after a reported privacy lapse during its annual birthday promotion, which saw thousands attempt to secure heavily discounted tickets, according to MyBroadband.

The one-day sale, launched on 6 May, offered 50,000 domestic seats from a base fare of R12. Demand was intense, with users flooding the airline’s website from early morning in hopes of securing a deal.

However, according to a report by MyBroadband, a flaw in the booking process may have exposed sensitive personal information belonging to customers during the high-traffic event.

What went wrong

The issue reportedly occurred while users navigated the booking system under heavy load. During this process, certain personal details linked to bookings were visible when they should not have been, raising concerns about how customer data was handled in real time.

While the full technical scope of the exposure has not been publicly detailed, the incident highlights the risks that come with large-scale online sales events. Systems pushed to capacity can reveal vulnerabilities that are not always apparent under normal conditions.

This is not the first time the airline’s birthday sale has drawn attention for technical weaknesses. In previous promotions, users identified loopholes in the queuing system designed to manage demand.

High demand, high risk

FlySafair’s birthday sale has become one of the most anticipated travel deals in South Africa. With ultra-low fares and limited availability, it consistently drives massive traffic spikes within minutes of launch.

This year’s edition followed a familiar pattern. Access to the booking platform was controlled via a virtual waiting room, with users randomly selected and given a limited window to complete their purchase.

While the system is intended to ensure fairness, it also concentrates large volumes of user data and activity into a short period. That creates a challenging environment for maintaining both performance and security.

The bigger picture

Data exposure incidents, even brief ones, can carry serious implications. Personal information such as names, contact details and booking data can be exploited if accessed by malicious actors.

In South Africa, where data protection is governed by the Protection of Personal Information Act, companies are expected to safeguard user data and report breaches where necessary.

For travellers, the incident serves as a reminder to stay vigilant. Using strong, unique passwords and monitoring accounts for unusual activity remain essential precautions when engaging with high-demand online platforms.

FlySafair has not yet publicly detailed the extent of the issue or confirmed how many users may have been affected.

(Source: MyBroadband)
