Eskom Strengthens Cybersecurity After Prepaid Token Breach in Online Vending System

South Africa’s state-owned power utility, Eskom, has unveiled a robust response plan to counteract a significant cybersecurity breach that compromised its Online Vending System (OVS). The breach, disclosed during Eskom’s full-year 2024 financial results in December, revealed a coordinated scheme involving the generation and distribution of fraudulent prepaid electricity tokens, exploiting critical vulnerabilities in the utility's digital infrastructure.

This incident raised serious concerns about the integrity of the OVS and the security of Eskom’s prepaid electricity environment—used by millions of South Africans daily. In response, Eskom has embarked on a broad remediation strategy, aimed not only at patching system flaws but also at transforming its approach to operational security.

Forensic Report Highlights Cyber and Physical Vulnerabilities

The breach came to light following an in-depth forensic investigation that exposed exploitation in both cybersecurity layers and physical infrastructure safeguards. The report revealed that fraudsters managed to manipulate the token generation mechanism, producing unauthorized prepaid electricity credits that effectively led to revenue loss and systemic risks.

“The system was exploited to generate and distribute fraudulent prepaid electricity tokens, revealing critical vulnerabilities in both the physical and cybersecurity components,” Eskom confirmed in its official statement.

Comprehensive Strategy to Reinforce System Integrity

To restore trust in its systems and prevent recurrence, Eskom has implemented a multi-tiered intervention plan involving internal, technological, and strategic components. According to Eskom’s Chief Technology and Information Officer, Len De Villiers, the measures have already fortified Eskom’s systems, ensuring better resistance to future threats.

“All system enhancements are managed through a robust Change Management process that spans all divisions, ensuring consistent oversight and control,” said De Villiers. “These measures are part of Eskom’s ongoing commitment to safeguarding operations and addressing identified vulnerabilities.”

Key Measures Implemented by Eskom

Eskom has outlined the following core actions taken to mitigate current and future risks:

• Enhanced Internal Controls: New mechanisms to detect and prevent electricity theft have been deployed.

• Physical Infrastructure Reinforcement: Access—both digital and physical—to critical systems has been strictly limited.

• Upgraded Monitoring Systems: Improved oversight tools now ensure real-time anomaly detection and comprehensive reporting.

• Collaboration With Law Enforcement: Several internal employees implicated in the breach have been placed on precautionary suspension, pending further review. Investigations are ongoing, with transparency a priority.

• Strategic IT Partnerships: Eskom has engaged an external IT security firm to bolster its in-house capabilities and conduct regular security audits.

• System Upgrades and Oversight: All enhancements are funneled through a structured change management protocol, with direct reporting to the Eskom Board.

• Secure Vending System Acquisition: Plans are underway to roll out a new, secure vending platform to completely replace the compromised OVS.

Leadership Vows Transparency and Reform

Eskom’s Group Chief Executive, Dan Marokane, emphasized the utility’s commitment to reform and transparency in light of the breach. “We are fully aware of the challenges that have emerged within the OVS environment, and we have taken clear steps to address them,” he stated.

“This is not just a technical fix—it is part of a broader commitment to transparency, operational excellence, and accountability. Our goal is to restore trust, strengthen our systems, and ensure our customers can rely on a secure and efficient service.”

Looking Ahead: Public Confidence and Security Restoration

While the utility has assured customers that no action is needed on their part, the breach has raised questions about how long the vulnerability was exploited, the scale of revenue loss, and the effectiveness of internal audits.

Eskom has pledged to publicly disclose the full findings of the ongoing investigation once complete. In the meantime, the company is urging citizens to purchase tokens only from verified vendors and digital channels, and to report any suspicious activity.

The transformation of Eskom’s digital architecture signals a critical evolution in the utility’s readiness to operate in an increasingly cyber-threatened environment. As the investigation unfolds, public attention will remain focused on how effectively these changes prevent future compromises in one of South Africa’s most vital infrastructure networks.