South African Airways was breached. Treasury was breached. The South African Weather Service – yes, even they – got caught in the storm.

While these large organisations try to spin calm press statements and patch their broken systems, the real target is quietly shifting.

It’s not just about airlines and government departments.

The damage is rolling downhill. Fast. And small businesses, freelancers, and everyday people are in the firing line.

This is how it works. And what you can do about it.

📉 Breaches at the Top

These aren’t isolated incidents.

The SAA breach in May 2025 disrupted public systems and raised concerns over possible data leaks. Treasury’s systems were reportedly infiltrated via a known Microsoft SharePoint vulnerability – a favourite for hackers targeting institutions with outdated software. And the SA Weather Service was also affected earlier this year, leading to system outages.

In each case, public-facing systems were targeted. Names, email addresses, internal communications – all potentially exposed.

But what happens next isn’t reported in the headlines.

🧨 How It Hits the Little Guy

1. Phishing Goes Local
Scammers use leaked data to craft hyper-specific phishing emails. If your info was in one of those breached databases, you could be getting fake SAA refund offers, Treasury invoice requests, or Weather Service alerts – and they’ll look legit.

2. Password Reuse Becomes Your Weakest Link
The majority of South Africans reuse passwords. So when attackers get hold of login info from one platform, they test it everywhere else – your email, bank account, eFiling profile, Netflix, the works.

3. Fraud in the Supply Chain
If you’re a small supplier or contractor dealing with government departments, you’re a prime target for fake payment instructions, forged purchase orders, or invoice interception scams. One convincing email, and you're out of pocket – sometimes permanently.

🚧 Why Small Businesses Should Be Nervous

Let’s not sugar-coat this. Most small businesses are soft targets.

Big organisations might have cybersecurity teams, response playbooks, backups and legal departments. You’ve got WhatsApp, a Gmail inbox, and a gut feeling.

When a major breach happens, attackers fan outwards. They hunt for connected suppliers, vendors, partners – and especially the ones who won’t notice until it’s too late.

If you think you’re too small to matter, you’ve misunderstood how cybercrime works.

🔒 What You Can Do Today

Here’s your punchlist. No jargon. Just smart moves:

• Reset your passwords – especially if you’ve flown SAA, dealt with Treasury, or registered for weather alerts.
• Use 2FA – on email, banking, social media, everything.
• Don’t trust invoice changes without picking up the phone and confirming with a known contact.
• Back up your data – cloud and offline.
• Treat every new email like bait – until you know it’s real.

And if your business deals with government entities?

Triple-check your processes. Call to verify requests. Watch for domain name lookalikes.

Don’t assume security upstream means you’re safe downstream.

🎯 Final Thought

The breach isn’t the end. It’s the beginning of weeks – sometimes months – of fallout.

South Africa’s digital infrastructure is under pressure. The big players are getting hit. And they’re not the final target. You are.

So stay sharp. Stay cynical. And above all – stay with Hackerstopped.