Eskom cracks down on fraudulent electricity tokens with new security upgrades

Eskom has announced decisive new actions to protect its customers following a major breach of its Online Vending System (OVS), which was exploited to generate and distribute fraudulent prepaid electricity tokens.

The breach, revealed in Eskom’s full-year 2024 financial results released in December, exposed critical weaknesses in both the physical and cybersecurity layers of the utility’s infrastructure.

The fraudulent activity, which threatened to undermine public trust in Eskom’s prepaid electricity system, prompted an immediate and robust response from the state-owned utility.

“We uncovered weaknesses in physical and cybersecurity components on our OVS system,” said Monde Bala, Eskom’s Group Executive for Distribution.

Eskom has since launched a comprehensive review and intervention strategy to address these security gaps and strengthen its operations against future threats.

“Earlier this year, Eskom successfully strengthened the protection of its current systems against potential threats. All system enhancements are managed through a robust Change Management process that spans all divisions, ensuring consistent oversight and control,” explained Len De Villiers, Eskom’s Chief Technology and Information Officer.

To address the vulnerabilities that allowed the token fraud to occur, Eskom has reinforced its physical infrastructure and limited both physical and digital access points.

Eskom has also strengthened internal controls to combat electricity theft and enhanced monitoring capabilities to ensure greater transparency and timely detection of suspicious activities.

In parallel, Eskom has been working closely with law enforcement agencies to support ongoing investigations and ensure accountability. As part of this effort, internal employees who have been implicated have been placed on precautionary suspension pending further review.

Furthermore, Eskom has engaged an external IT firm to strengthen in-house capabilities and improve risk management. The utility has also fast-tracked the acquisition of a new, secure vending system designed to replace the compromised OVS and prevent similar incidents in the future.

Throughout this process, Eskom has maintained regular reporting to its board, which continues to provide oversight of all remediation efforts.

“We are fully aware of the challenges that have emerged within the OVS environment, and we have taken clear steps to address them. Our focus is on restoring trust, strengthening our systems, and ensuring that our customers can rely on a secure and efficient service," said Eskom’s Group Chief Executive, Dan Marokane.

"This is not just a technical fix, it is part of a broader commitment to transparency, operational excellence and accountability.” 

While the investigation into the token fraud continues, Eskom has pledged to share the findings once the process is concluded and the appropriate time for disclosure has been determined.

In the meantime, the utility has called on customers and stakeholders to remain vigilant and report any suspicious activity related to prepaid electricity tokens.

As Eskom moves forward with its efforts to protect its infrastructure and rebuild public confidence, it reassures South Africans that their electricity, and their trust, remain top priorities.

IOL