Rogue elements, including some from within, have fleeced Eskom of at least R20bn over the past three years by printing and distributing electricity tokens using a compromised online vending system (OVS), delivering a further blow to the utility’s attempts to move on from its disreputable past.
The group on Tuesday reported material losses of R7.2bn due to criminal conduct in the year ended March, up from R6.7bn reported in the prior year. Losses attributed to criminal activity for the 2023 financial year amounted to about R6bn.
The company said R7.1bn of the 2025 financial year losses relate to “nontechnical energy losses arising from electricity theft, including ghost vending”.
The group is still investigating the breach into its OVS, and is collaborating with other state-owned entities, other companies and officials in the industry, the police and the National Prosecuting Authority.
“Eskom’s OVS is a critical revenue collection system used for dispensing prepaid electricity tokens to customers,” the state-owned utility said.
“Following illegal activity relating to prepaid electricity tokens being brought to Eskom’s attention by the Hawks, a forensic investigation revealed that the OVS had been compromised for bulk generation of illegal prepaid electricity tokens, revealing critical vulnerabilities in both the physical and digital access controls to Eskom’s prepaid electricity infrastructure,” it added.
“This breach would only have been possible with collusion between Eskom staff [who have since been suspended] and illicit operators to circumvent controls. The suspicious activities were reported to various law enforcement agencies for further action.”
The scale and quantum of the leak threaten Eskom’s fragile profitability and raise questions about the state’s ability to secure fundamental revenue streams, increasing the likelihood of bigger tariff increases, placing further pressure on its credit rating and the country’s fiscal accounts.
In an interview with Business Day, CEO Dan Marokane offered a candid assessment of the situation, saying the breach had been only partially contained.
“There’s been some very good progress in terms of arresting the vending fraud. It’s not a level that we want it to be. We want [it] to be eliminated. We are hard at work in terms of finding a new solution to replace this legacy system,” Marokane said.
“In the meantime, it’s about making sure that we close any gap as it emerges or as we learn more about the modus operandi. Our recovery programme is over a number of years, both from an operational and a control perspective. What we need to do is maintain the momentum that we have established so far.”
With the group scrambling to get to the bottom of the fraud, it has established a war room in a bid to strengthen the physical, logical and operational security controls and detection capabilities in the OVS ecosystem.
The war room is also investigating ways to block the use of previously generated 600kWh tokens and was also “accelerating acquisition of a new, more secure software solution for the online vending system to replace the existing system as well as rolling out smart meters”.
The company, which on Monday reported a profit for the year ended March 5 — the first in eight years — has also revoked the access to the OVS of its employees it suspects are part of the syndicate, and is proceeding with disciplinary measures against those implicated in the theft.
“These enhancements are ongoing and were not yet completely effective at year’s end, Eskom said. “Despite this, there has been a significant reduction in the number of illicit tokens generated because of the interventions under way.”
State capture billions
Eskom is still attempting to rid itself of the ghost of state capture, which saw billions of rand diverted from the company, which became a byword for graft and corruption.
It reported nearly 2,700 crime-related incidents in the year under review, down from the 3,732 reported in the previous year. The company said about 436 arrests were made during the most recent financial year, “of which five related to employees and 88 related to contractors”.
More than 60 arrests have been made and more than 20 illegal coal swapping sites closed since Eskom implemented a programme to combat coal, fuel oil and diesel theft in April 2023.
Coal swapping refers to the practice of exchanging high-grade coal meant for power stations for lower-grade product, and selling the superior coal to other parties.
“We have also implemented specialised security intelligence-led investigations to monitor coal samples and coal deliveries by road between contracted mines, laboratories, rail sidings and Eskom power stations to improve coal supply integrity,” Eskom said.
Group chair Mteto Nyati said that though most of the group’s more than 40,000-strong workforce were honest, some rotten potatoes had to be thrown out.
“Despite measurable progress, the battle is far from over,” he added.
With Tiisetso Motsoeneng
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.