- South Africa’s state owned energy utility confirms no new or emerging security breaches linked to the Online Vending System.
- Eskom outlines corrective actions, governance reforms and progress on a new secure vending platform.
- Company reaffirms commitment to transparency and accurate public communication but questions remain on how much money was stolen, how it was allowed to happen and who was involved.
- Former Eskom CEO André de Ruyter has alleged that the power utility was losing at least R400 million a month in 2023 through fraud and theft of prepaid electricity vouchers run by syndicates.
Eskom has confirmed that there are no new or emerging breaches linked to its Online Vending System and has dismissed recent media claims suggesting that the utility failed to respond to questions on the matter.
The power utility said the Online Vending System breach was fully disclosed in its 2024 Annual Results published in December 2024 and has since been addressed through a series of public updates and executive briefings. Eskom noted that comprehensive updates were issued on 2 July 2025 and 18 September 2025, while Eskom Group Chief Executive Dan Marokane also responded to media questions during the 2025 Financial Annual Results announcement at Megawatt Park on 30 September 2025.
According to Eskom, any suggestion that it did not respond to questions on the Online Vending System is inaccurate. The utility said it remains committed to transparency as part of its broader turnaround strategy and continues to work closely with the media to ensure that accurate and current information is communicated to the public.
Following the initial discovery of the breach, Eskom implemented a comprehensive review and intervention programme aimed at addressing vulnerabilities, protecting revenue and restoring system integrity. The company said decisive action has significantly reduced vending fraud to very low levels while strengthening both cyber and physical security.
In its September 2025 progress update, Eskom outlined a multi layered response that includes tighter physical access controls at vending environments, enhanced cyber security monitoring, stronger user access governance supported by weekly exception dashboards, and the deployment of advanced detection tools to identify high risk areas early.
Investigations conducted in collaboration with law enforcement have resulted in the dismissal of several implicated employees, with further cases still under review. Eskom has referred certain matters to the authorities and confirmed its full cooperation with ongoing investigations.
Additional measures include the rollout of smart meters, improved reconciliation processes to validate fraud levels on a monthly basis, and the accelerated development of a new secure vending platform to replace the existing Online Vending System.
Eskom also provided context on the evolution of its vending infrastructure. In the 1990s, the utility partnered with Conlog to develop the Common Vending System and the Standard Transfer Specification, which has since become a global standard for prepaid electricity. The current Online Vending System was introduced around 2006 when Eskom decided to make use of external service providers (vending agents) to sell electricity from its centralised vending server rather than developing all client terminals in-house.
The utility emphasised that Eskom retains ownership of the core system architecture and protocols, while external companies operate as authorised vending agents serving end customers.
As investigations continue, Eskom said the focus remains on strengthening governance, closing security gaps and ensuring that reliable and secure electricity supply is maintained for customers across South Africa.
Author: Bryan Groenendaal












