Eskom’s Electricity Token Scandal: Breach Exposes Flaws, Sparks Reforms

Fake electricity tokens. Compromised systems. And billions potentially lost.

Eskom’s ongoing troubles just got a lot more complicated,  this time involving a cyber breach of its Online Vending System (OVS) that allowed criminals to distribute fraudulent prepaid electricity tokens, undermining public trust and exposing deep flaws in both tech and governance.

The breach, uncovered through a forensic investigation launched in December 2024, revealed that the very system thousands of South Africans use to keep the lights on had been exploited by criminal syndicates, possibly with the help of insiders.

What Went Wrong?

Eskom confirmed that its OVS system, used to manage and sell prepaid electricity tokens was infiltrated. The breach allowed for the unauthorised generation and sale of prepaid tokens, meaning customers unknowingly bought fake credits. The utility suspects this operation may have drained billions of rands in revenue, compounding the financial pressure Eskom already faces.

The investigation didn’t just uncover cybersecurity failures. It revealed vulnerabilities in physical infrastructure and hinted at possible employee collusion, although no names have been publicly released yet.

Fixing a Broken System

In response, Eskom has launched what it calls a comprehensive system overhaul.

Group CEO Dan Marokane said the goal isn’t just plugging technical holes — it’s about “restoring trust” and proving that Eskom can provide secure, reliable services.

“This is not just a technical fix,” Marokane said. “It is part of a broader commitment to transparency, operational excellence, and accountability.”

New safeguards are being implemented to protect prepaid electricity systems, although Eskom is not yet revealing full details while the investigation continues. Law enforcement agencies are involved, but updates will only be made public when it’s “appropriate,” Eskom says.

Public Trust on the Line

The breach couldn’t have come at a worse time. Eskom is already grappling with load shedding, ageing infrastructure, and public frustration. Now, add prepaid token fraud to the mix, a system that low- and middle-income households depend on daily.

For many, prepaid electricity isn’t just a convenience, it’s a lifeline. Fake tokens don’t just mean lost money. They mean homes without power and vulnerable people left in the dark.

While Eskom has promised improvements, the true cost of the scam, both financial and reputational, may take years to calculate. In the meantime, the utility is urging customers to remain vigilant, report suspicious activity, and avoid purchasing electricity from unofficial vendors.

Here’s how you can stay safe:

• Only buy prepaid tokens through official Eskom-approved platforms or vendors.

• If your token isn’t working or seems suspicious, report it immediately to Eskom.

• Avoid deals that seem too good to be true, they probably are.

A Call for Transparency and Reform

Civil society groups and watchdogs are already calling on Eskom to release more details about the breach and to be transparent about internal disciplinary actions, if any staff members were involved.

In a country where energy access is already deeply unequal, the prepaid system must work and be trustworthy. Eskom now faces the dual challenge of fixing its internal systems and rebuilding public confidence in a service so many rely on.

If there’s any hope for a just energy future in South Africa, it starts with fixing what’s broken now and protecting it from being broken again.

{Source: The Citizen}

Follow Joburg ETC on Facebook, Twitter , TikTok and Instagram

For more News in Johannesburg, visit joburgetc.com