Eskom has rejected claims that its Online Vending System (OVS) is facing new or unresolved security breaches, saying the matter was fully disclosed more than a year ago and that decisive corrective action has significantly reduced vending fraud.
In a statement issued on Wednesday, January 7, the power utility said there are “no new issues regarding the Online Vending System (OVS) breach” noting that the issue was “first fully disclosed in Eskom’s 2024 Annual Results published in December 2024.”
The utility said recent media reports suggesting Eskom failed to respond to questions on the matter were incorrect.
“Therefore, any assertions by recent media reports that Eskom did not respond to a question regarding the OVS are inaccurate,” the statement said.
Eskom pointed out that it has already issued two comprehensive public updates on the breach, on July 2, 2025, and September 18, 2025, and that the issue was again addressed by Group Chief Executive Dan Marokane during the 2025 Financial Annual Results Announcement at Megawatt Park on September 30, 2025.
“As part of Eskom’s turnaround strategy, we remain committed to being transparent with the South African public and working with the media to ensure that the facts are always well-presented” Eskom said, adding that collaboration with the media should help “ensure that we do not raise unnecessary alarms and resist the urge to recycle and present old news as new”.
Following the initial discovery of the OVS breach, Eskom said it implemented “a comprehensive review and intervention strategy to mitigate vulnerabilities and restore system integrity” with decisive actions taken to “curb OVS fraud, secure systems, protect revenue, and safeguard customers.”
According to Eskom’s September 2025 progress update, the response included tighter physical access controls in vending environments, enhanced cybersecurity monitoring to prevent unauthorised access, and stronger user-access controls supported by weekly dashboards flagging irregularities.
The utility confirmed that investigations into implicated employees have resulted in dismissals.
“Expanded investigative measures, conducted in collaboration with law enforcement, have been concluded for some of the implicated employees (and are underway for all implicated employees), with the internal process resulting in their dismissal,” the statement said.
Eskom added that “certain elements have been referred to the authorities, and the company will cooperate fully.”
Other measures include the deployment of detection tools to identify risk areas, the rollout of smart meters and reconciliation methods to validate fraud levels monthly, and the acceleration of “a new, secure vending platform to replace the current OVS.”
Eskom said the combined impact of these interventions has sharply reduced fraud.
“As the investigation into the OVS breach continues with law enforcement, and vending fraud is now reduced to very low levels, Eskom is proving that stronger systems, smarter technology, and decisive action are protecting revenue and ensuring secure, reliable electricity for all South Africans,” the statement said.
THE MERCURY
