State-owned power utility Eskom says there are no new issues regarding the Online Vending System (OVS) breach, which had first been disclosed during its financial results briefing in December 2024.

Further, as part of its turnaround strategy, Eskom says it remains committed to being transparent with the South African public.

As reported in December 2024, the OVS had been hacked and exploited to generate and distribute fraudulent prepaid electricity tokens, which revealed critical vulnerabilities in the physical and cybersecurity components of the utility’s prepaid electricity infrastructure.

To combat this, and in a repetition of its statement in September 2025, Eskom says it has implemented several key actions as part of a multi-layered approach to strengthen physical security, cyber-resilience and operational controls.

Eskom has deployed tighter physical access controls to secure vending environments and enhanced cybersecurity tools and monitoring to prevent unauthorised access.

Additionally, it has put in place stronger user-access controls with weekly dashboards flagging irregularities, and has deployed detection tools to highlight risk areas and enable early intervention.

It also rolled out smart meters and reconciliation methods to validate fraud levels monthly and has accelerated its move to secure a new, secure vending platform to replace the current OVS.

The utility also expanded investigative measures in collaboration with law enforcement that have been concluded for some of the implicated employees, and are under way for all implicated employees, with the internal process resulting in their dismissal, it added.

Certain elements have been referred to the authorities, and the company will cooperate fully, it said in the September 2025 statement and in the January 7 statement.