Eskom systems compromised as insiders steal billions

Several Eskom employees have been implicated in a large-scale scheme to create billions of rands of fraudulent prepaid electricity vouchers, enriching themselves while the utility received no income for the units.

The scale of the fraud likely impacted Eskom’s financial health, exacerbating its debt problem and resulting in higher tariff increases to compensate for the lost revenue.

Eskom’s debts stood at over R400 billion last year, and it reported an after-tax loss of R55 billion. The Auditor General also flagged that Eskom’s current liabilities exceeded current assets by R50 billion.

Prepaid ghost vending may also have contributed to load-shedding, as syndicates sold large volumes of electricity on the black market for as little as 25 cents per unit.

Eskom first revealed that its online vending system (OVS) for prepaid electricity was breached in its last integrated report, published in December 2024.

Ironically, Eskom introduced the OVS in 2008 to combat ghost vending using old offline credit dispensing units (CDUs).

However, corrupt Eskom officials helped syndicates obtain the equipment, technical know-how, and system access needed to generate fake electricity tokens — first on CDUs, and later on the OVS.

University of Johannesburg research associate and forensic investigator Calvin Rafadi has explained that Eskom tried to recall its CDU machines when it launched the online vending system.

However, Eskom officials stole several of the machines from where they were kept in storage. They also obtained the disks and other equipment necessary to alter the electricity prices on the devices.

CDU-based “ghost vending” remained a problem long after the online vending system was launched, with law enforcement struggling to dismantle the criminal syndicate behind the theft.

In 2015, the Hawks announced the arrest of a Vereeniging woman suspected of being a crucial player in an illegal electricity voucher vending syndicate.

“Investigators are confident that they are close to catching those who are running this ghost vending syndicate,” police said at the time.

Six years later, in 2021, the Hawks, Eskom, and other law enforcement bodies announced the arrest of seven people suspected of being involved in a ghost vending syndicate.

“The syndicates reportedly operate in groups nationally and generate income of approximately R150,000 to R250,000 per day from illicit sales of electricity,” Eskom and the Hawks stated.

That amounts to between R54.8 million and R91.2 million per year in discounted illegal electricity tokens. Eskom’s revenue losses would be even higher.

“They are highly organised, well-equipped and closely networked and are difficult to track due to the fact that these machines do not transact on a network or at a single place, but are constantly roving.”

In 2023, the National Prosecuting Authority (NPA) revealed that a former employee of Eskom had allegedly stolen a Master Vending Unit from the company.

Before he died, he allegedly turned ghost vending into a lucrative family business, generating over R36 million in illegal electricity tokens.

Because of how this fraud is perpetrated, Rafadi said Eskom was embarrassed to speak about it. This has allowed Eskom insiders and former employees to “run a parallel Eskom,” he said.

“We need to deal with the root cause — the managers inside Eskom who are involved,”  said Rafadi.

Eskom insiders compromise online vending system

With offline CDU-based ghost vending still rampant, Eskom’s disclosure that its OVS had also been exploited was concerning.

“The OVS enables customers to purchase prepaid electricity via virtual channels, such as banking apps, remote terminals such as ATMs located in retail outlets, or using other vending stations,” Eskom said.

Eskom explained that the OVS uses encryption and other sophisticated security measures to prevent fraud.

“Despite these controls, a recent investigation uncovered the bulk generation of illegal prepaid tokens on Eskom’s online vending system,” it said in its December report.

It explained that the OVS is only used to dispense prepaid electricity tokens to Eskom Direct customers and those municipalities that use its platform.

However, MyBroadband understands there is a workaround available to fraudsters with this level of access that would allow Eskom-generated tokens to be used on other municipal prepaid meters.

Eskom estimated that electricity theft, including illegal tokens and bypassed meters, cost it roughly R23 billion in revenue during its previous financial year.

However, MyBroadband has learned that the problem is much larger than Eskom is letting on, and that high-ranking individuals at the company are potentially involved.

Eskom responds

The power utility said last year that it would provide an update on the investigation once it is finalised. MyBroadband contacted Eskom for an update, and it declined to provide additional information.

“Currently, the matter remains under investigation. This includes work being carried out by SAPS and Hawks,” Eskom stated.

“Eskom is unable to share further details. Eskom will advise in due course when it is ready to do so.”

However, Eskom did confirm that disciplinary action was taken against several employees. It said the matter was complex and involved internal and external parties, with potential criminal implications.

“We are cooperating fully with the relevant law enforcement agencies, including the SAPS, Hawks, and NPA,” Eskom said.

“Premature disclosure could hamper the work of law enforcement and the NPA and weaken future legal proceedings,” Eskom told MyBroadband.