Eskom has appointed an external IT firm to help secure its online vending system (OVS), following the discovery of vulnerabilities that enabled the generation and sale of fraudulent prepaid electricity tokens.
The OVS breach, disclosed in Eskom’s 2024 financial results, revealed weaknesses in cyber and physical layers of its prepaid infrastructure. According to Eskom’s Chief Technology and Information Officer Len de Villiers, the utility has made “significant progress in enhancing and protecting its infrastructure” through tighter internal controls, improved monitoring and reinforced system access protocols.
Support from the external IT firm is intended to augment Eskom’s in-house capabilities in managing system risk and safeguarding operations. The utility also confirmed it is fast-tracking the acquisition of a new vending system to fully replace the compromised OVS.
Other key actions include:
- Reinforced physical and digital access controls
- Enhanced internal monitoring and reporting mechanisms
- Continued collaboration with law enforcement
- Regular reporting to the Eskom Board
