printer friendly version

Echoes of 2018? Follow-up on Woolworths explosions

Two explosions at Woolworths stores in late May 2026 – one at Menlyn Park Shopping Centre in Pretoria on 28 May at approximately 1:00 am, and another at Preller Square Shopping Centre in Bloemfontein on 29 May at around 3:00 am – have drawn renewed attention to targeted threats against South Africa’s premier retailer.

Jimmy Roodt

As previously reported in SMART Security Solutions and the Citizen, both incidents involved the use of small improvised explosive devices that detonated on shelves during early-morning stocking, causing scattered stock and limited damage but no injuries. SAPS is investigating under the Explosives Act, with a National Forensic Task Team and Crime Intelligence experts now deployed. No arrests have been made at the time of writing.

Woolworths has heightened security nationwide, including additional measures at all stores. In this follow-up, SMART Security Solutions spoke to Jimmy Roodt, an experienced and accredited explosive ordnance disposal specialist from Gauntlet Security Solutions, who examines a strikingly similar campaign from 2018 and analyses the likely profile, motivations, and future trajectory of the perpetrator(s).

Roodt’s analysis is based on his years of experience in policing and as an explosives ordnance disposal (EOD) specialist; he is not officially involved in the ongoing investigation.

The 2018 Durban precedent

In July 2018, Woolworths stores in the Durban area faced a coordinated series of incendiary and explosive device attacks, primarily at prominent malls.

* Pavilion Shopping Centre, Westville (5 July 2018): An incendiary device detonated around 1:30 am, causing a fire in the men’s clothing section. The blaze was quickly extinguished by sprinklers, with no injuries.

* Gateway Mall, Umhlanga: Multiple devices were involved over several days. One triggered a fire; another – a cellphone attached to a PVC pipe with propellant, hidden in a jacket pocket – was discovered and neutralised. A third suspicious device was also reported in the vicinity.

These low-yield devices were timed for minimal occupancy, focused exclusively on Woolworths, and caused visible disruption (fire and damage) without mass casualties. Police opened cases under the Explosives Act, but public reporting indicates no swift arrests were made. Experts at the time linked the incidents to broader extortion tactics used against businesses in KwaZulu-Natal.

Roodt states that the parallels with the 2026 events are unmistakable: early morning timing, Woolworths-specific targeting, low-order effects, and evasion of immediate detection despite mall security systems.

A pattern of restrained professionalism

Across the 2018 Durban campaign and the 2026 Gauteng/Free State blasts, several consistent signatures emerge:

● Low-yield, controlled detonation: Devices displace stock and cause localised mess but leave shelves standing, with minimal charring or structural damage. This is consistent with small improvised low-explosive devices rather than high-order military or commercial explosives.

● Target specificity: Only Woolworths stores were affected across provinces and years.

● Operational restraint: Blasts occur when the public is absent (early hours, during or just before/after stocking), prioritising reputational and economic harm over physical casualties.

● Security evasion: Repeated success in placing devices inside secure mall environments suggests insider knowledge, detailed reconnaissance, or sophisticated counter-surveillance.

● No public claims: An absence of manifestos or ideological statements points away from terrorism toward a private grievance or extortion motive. Security experts, including those from the Institute for Security Studies, have noted strong similarities to past extortion patterns.

Roodt’s opinion: A professional vendetta

This campaign fits the profile of a malevolent grievance bomber (or targeted extortion bomber): a calculated, non-ideological actor (or small, tightly knit team) using explosives as a precision tool for business harm rather than random terror.

The suspect bomber – why ‘Highly Professional’?

Roodt adds that the perpetrator(s) demonstrate technical expertise and operational discipline:

● Consistent low-order results require knowledge of explosive chemistry, detonators, and placement to achieve disruption without catastrophic failure or excessive lethality.

● Multi-year persistence (2018–2026) with no arrests, despite SAPS Bomb Disposal Unit, forensic, and cyber investigations, indicates deep awareness of police methods and counter-forensic techniques.

● Successful bypassing of CCTV and mall security on multiple occasions implies either insider access or exceptional reconnaissance skills.

● A small core team is likely. This could consist of one or more ‘bomb-makers/planters’ with EOD/IED-level proficiency, supported by facilitators providing logistics and intelligence.

Possible key role players

● The injured party: An individual or entity that suffered a significant perceived wrong in a business dealing with Woolworths (e.g., a cancelled supplier contract, lease dispute, or perceived major commercial betrayal). This party may not handle the devices directly, but drives the motive.

● The angered/proxy facilitator (or enabler): A closely connected associate of the injured party – perhaps a family member, former partner, or ally – who harbours deep resentment and helps coordinate or resource the campaign without being the primary actor.

● The bomber/operator: The technical specialist executing the placements. Their professionalism suggests a possible prior background in law enforcement, the military, or private security.

Intended action and motivation

The clear objective is reputational and economic sabotage, according to Roodt. In other words, the perpetrator(s) wish to damage the name of Woolworths through sustained disruption, reduced foot traffic, insurance claims, and public unease.

Every element reinforces this:

● Exclusive focus on Woolworths stores, not neighbouring retailers.

● Timing and device scale deliberately minimise public harm while maximising media coverage and brand damage.

● This is not a random crime or terrorism but a personal vendetta, likely rooted in the perception of a ‘bad business deal’. The goal is not clear at the moment, but it could be to force concessions or payments, or to inflict ongoing pain.

Future outcomes: This will not end voluntarily

Roodt explains that a campaign spanning years suggests a deep, personal commitment among the parties. There is likely an informal ‘agreement’ to sustain pressure for as long as feasible. Worryingly, a gradual escalation in visibility and risk is evident – from 2018 fires to 2026 detonations.

However, Roodt notes, “While currently low-order and low-occupancy, continued activity increases the chance of miscalculation: a stronger charge, mistimed device, or shift to busier hours could result in injuries or fatalities. This would dramatically escalate the response, drawing heavier counter-terrorism resources and transforming a ‘manageable’ grudge into a national security priority.”

Apprehension is urgent, before the restraint that has so far protected lives erodes. Official SAPS updates will be critical. “These incidents underscore the need for robust bomb threat preparedness in the retail sector. Businesses and shoppers deserve resolution,” he concludes.

For more on bomb mitigation, contact accredited specialists such as Jimmy Roodt at Gauntlet Security Solutions (jimmy@gauntletss.com).

About Jimmy Roodt

A globally experienced and accredited explosives ordnance disposal (EOD) specialist and former Colonel in the South African Police Service, Jimmy has offered his expertise in bomb and IED mitigation across various conflict-affected nations, including Somalia, Libya, Myanmar, DRC Congo, Estonia, Vietnam, Taiwan, and others. Recognised for his humanitarian contributions, particularly in Vietnam, Jimmy has been honoured with the Vietnam Friendship Medal for his significant role in safeguarding lives against explosive threats.

Over the past few years, Jimmy has focused on the development, implementation, and management of private bomb first responder and explosive disposal services for the corporate industry. His expertise encompasses CBRNE (Chemical, Biological, Radiological, Nuclear, and Explosive) services, Explosive Ordnance Disposal (EOD), Bomb Awareness Training, and the development and implementation of Bomb Mitigation Policy Protocols.

Share this article:

Further reading: