Echoes of 2018? Follow-up on Woolworths explosions

June 2026 News & Events, Security Services & Risk Management, Retail (Industry), Facilities & Building Management

Two explosions at Woolworths stores in late May 2026 – one at Menlyn Park Shopping Centre in Pretoria on 28 May at approximately 1:00 am, and another at Preller Square Shopping Centre in Bloemfontein on 29 May at around 3:00 am – have drawn renewed attention to targeted threats against South Africa’s premier retailer.


Jimmy Roodt

As previously reported in SMART Security Solutions and the Citizen, both incidents involved the use of small improvised explosive devices that detonated on shelves during early-morning stocking, causing scattered stock and limited damage but no injuries. SAPS is investigating under the Explosives Act, with a National Forensic Task Team and Crime Intelligence experts now deployed. No arrests have been made at the time of writing.

Woolworths has heightened security nationwide, including additional measures at all stores. In this follow-up, SMART Security Solutions spoke to Jimmy Roodt, an experienced and accredited explosive ordnance disposal specialist from Gauntlet Security Solutions, who examines a strikingly similar campaign from 2018 and analyses the likely profile, motivations, and future trajectory of the perpetrator(s).

Roodt’s analysis is based on his years of experience in policing and as an explosives ordnance disposal (EOD) specialist; he is not officially involved in the ongoing investigation.

The 2018 Durban precedent

In July 2018, Woolworths stores in the Durban area faced a coordinated series of incendiary and explosive device attacks, primarily at prominent malls.

* Pavilion Shopping Centre, Westville (5 July 2018): An incendiary device detonated around 1:30 am, causing a fire in the men’s clothing section. The blaze was quickly extinguished by sprinklers, with no injuries.

* Gateway Mall, Umhlanga: Multiple devices were involved over several days. One triggered a fire; another – a cellphone attached to a PVC pipe with propellant, hidden in a jacket pocket – was discovered and neutralised. A third suspicious device was also reported in the vicinity.

These low-yield devices were timed for minimal occupancy, focused exclusively on Woolworths, and caused visible disruption (fire and damage) without mass casualties. Police opened cases under the Explosives Act, but public reporting indicates no swift arrests were made. Experts at the time linked the incidents to broader extortion tactics used against businesses in KwaZulu-Natal.

Roodt states that the parallels with the 2026 events are unmistakable: early morning timing, Woolworths-specific targeting, low-order effects, and evasion of immediate detection despite mall security systems.

A pattern of restrained professionalism

Across the 2018 Durban campaign and the 2026 Gauteng/Free State blasts, several consistent signatures emerge:

Low-yield, controlled detonation: Devices displace stock and cause localised mess but leave shelves standing, with minimal charring or structural damage. This is consistent with small improvised low-explosive devices rather than high-order military or commercial explosives.

Target specificity: Only Woolworths stores were affected across provinces and years.

Operational restraint: Blasts occur when the public is absent (early hours, during or just before/after stocking), prioritising reputational and economic harm over physical casualties.

Security evasion: Repeated success in placing devices inside secure mall environments suggests insider knowledge, detailed reconnaissance, or sophisticated counter-surveillance.

No public claims: An absence of manifestos or ideological statements points away from terrorism toward a private grievance or extortion motive. Security experts, including those from the Institute for Security Studies, have noted strong similarities to past extortion patterns.

Roodt’s opinion: A professional vendetta

This campaign fits the profile of a malevolent grievance bomber (or targeted extortion bomber): a calculated, non-ideological actor (or small, tightly knit team) using explosives as a precision tool for business harm rather than random terror.

The suspect bomber – why ‘Highly Professional’?

Roodt adds that the perpetrator(s) demonstrate technical expertise and operational discipline:

● Consistent low-order results require knowledge of explosive chemistry, detonators, and placement to achieve disruption without catastrophic failure or excessive lethality.

● Multi-year persistence (2018–2026) with no arrests, despite SAPS Bomb Disposal Unit, forensic, and cyber investigations, indicates deep awareness of police methods and counter-forensic techniques.

● Successful bypassing of CCTV and mall security on multiple occasions implies either insider access or exceptional reconnaissance skills.

● A small core team is likely. This could consist of one or more ‘bomb-makers/planters’ with EOD/IED-level proficiency, supported by facilitators providing logistics and intelligence.

Possible key role players

The injured party: An individual or entity that suffered a significant perceived wrong in a business dealing with Woolworths (e.g., a cancelled supplier contract, lease dispute, or perceived major commercial betrayal). This party may not handle the devices directly, but drives the motive.

The angered/proxy facilitator (or enabler): A closely connected associate of the injured party – perhaps a family member, former partner, or ally – who harbours deep resentment and helps coordinate or resource the campaign without being the primary actor.

The bomber/operator: The technical specialist executing the placements. Their professionalism suggests a possible prior background in law enforcement, the military, or private security.

Intended action and motivation

The clear objective is reputational and economic sabotage, according to Roodt. In other words, the perpetrator(s) wish to damage the name of Woolworths through sustained disruption, reduced foot traffic, insurance claims, and public unease.

Every element reinforces this:

● Exclusive focus on Woolworths stores, not neighbouring retailers.

● Timing and device scale deliberately minimise public harm while maximising media coverage and brand damage.

● This is not a random crime or terrorism but a personal vendetta, likely rooted in the perception of a ‘bad business deal’. The goal is not clear at the moment, but it could be to force concessions or payments, or to inflict ongoing pain.

Future outcomes: This will not end voluntarily

Roodt explains that a campaign spanning years suggests a deep, personal commitment among the parties. There is likely an informal ‘agreement’ to sustain pressure for as long as feasible. Worryingly, a gradual escalation in visibility and risk is evident – from 2018 fires to 2026 detonations.

However, Roodt notes, “While currently low-order and low-occupancy, continued activity increases the chance of miscalculation: a stronger charge, mistimed device, or shift to busier hours could result in injuries or fatalities. This would dramatically escalate the response, drawing heavier counter-terrorism resources and transforming a ‘manageable’ grudge into a national security priority.”

Apprehension is urgent, before the restraint that has so far protected lives erodes. Official SAPS updates will be critical. “These incidents underscore the need for robust bomb threat preparedness in the retail sector. Businesses and shoppers deserve resolution,” he concludes.

For more on bomb mitigation, contact accredited specialists such as Jimmy Roodt at Gauntlet Security Solutions (jimmy@gauntletss.com).

About Jimmy Roodt

A globally experienced and accredited explosives ordnance disposal (EOD) specialist and former Colonel in the South African Police Service, Jimmy has offered his expertise in bomb and IED mitigation across various conflict-affected nations, including Somalia, Libya, Myanmar, DRC Congo, Estonia, Vietnam, Taiwan, and others. Recognised for his humanitarian contributions, particularly in Vietnam, Jimmy has been honoured with the Vietnam Friendship Medal for his significant role in safeguarding lives against explosive threats.

Over the past few years, Jimmy has focused on the development, implementation, and management of private bomb first responder and explosive disposal services for the corporate industry. His expertise encompasses CBRNE (Chemical, Biological, Radiological, Nuclear, and Explosive) services, Explosive Ordnance Disposal (EOD), Bomb Awareness Training, and the development and implementation of Bomb Mitigation Policy Protocols.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Woolworths attack raises bomb preparedness questions
News & Events
Two explosions have been reported at Woolworths stores in South Africa over the past week. SMART Security Solutions asked Jimmy Roodt, an experienced and accredited explosive ordnance disposal specialist from Gauntlet Security Solutions, for his insight into the events.

Read more...
Growing adoption of AI at work
News & Events AI & Data Analytics
AI adoption accelerates worldwide, with South Africa making gains amid uneven diffusion. Locally, South Africa ranks 46th of 147 economies measured, and its AI usage increased to 23,1% in Q1 2026.

Read more...
Enterprise AI hits the wall
News & Events AI & Data Analytics
Demands for AI privacy and sovereignty expose the limits of architectures built for centralised and borderless data flows. Organisations that redesign early are gaining a measurable edge in AI readiness and scale.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
From the Editor's desk: Security goes mainstream
Technews Publishing News & Events
      Welcome to SMART Security’s SMART Mining & Industrial Security Handbook 2026. While the world is focused on cybersecurity and AI, physical security has become a board-level concern across South Africa’s ...

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Industry perspective on industrial cybersecurity
Technews Publishing News & Events Infrastructure Industrial (Industry)
The Industrial Security Harmonization Group has released a joint industry perspective highlighting a critical truth in industrial cybersecurity: secure communication is not determined by protocols alone, but by how they are deployed and managed in real-world environments.

Read more...
The control room problem that nobody wants to talk about
Technews Publishing Editor's Choice
WhatsApp has become the unofficial backbone of security communications across the mining and industrial sectors, but it was never designed to be a security tool.

Read more...
Controlling access for people and vehicles
IDEMIA STid Security Technews Publishing Editor's Choice Access Control & Identity Management Asset Management Industrial (Industry) Mining (Industry)
When it comes to access control, the security requirements of mines and the industrial sector are similar, requiring a layered approach that combines physical barriers, digital authentication, and continuous monitoring to protect personnel, assets, and operational continuity.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.