Eskom has launched a forensic investigation into an electricity theft racket involving the use of illicit tokens for prepaid meters that may have cost the company billions of rand in lost revenue.
The state-owned power utility is also probing the security of its IT systems, along with the involvement of some of its employees.
Speaking to the media at a briefing on Thursday, Eskom board chairman Mteto Nyati said the probe is one of the reasons why its annual results for the 2024 financial year were published late.
“Collusion is suspected between Eskom staff and illicit operators who breached controls within the prepaid ecosystem to facilitate the creation and sale of fraudulent prepaid electricity tokens,” said Nyati.
Eskom estimates that it lost 13.9TWh of electricity due to theft in 2024, adding up to around R23-billion in revenue losses. Some of this is attributed to illegal connections and meter tampering, but according to CEO Dan Marokane, the fraudulent token scheme is far more sophisticated in its execution as it involves the hacking of Eskom’s internal IT systems and appears to involve some of its own employees.
Eskom said it is unable to estimate its exposure resulting from the illicit tokens because it has no idea how many tokens compatible with its meters are currently in circulation or the value in electricity each token represents.
According to Marokane, Eskom’s online vending system requires an overhaul to free it of legacy software, bolster cybersecurity and give the energy utility the freedom to pivot quickly when new methods of fraudulent token generation are discovered.
Control systems
But Marokane said there has been a lacklustre approach to cybersecurity in Eskom. “We’ll be visiting this subject early in the new year to detail exactly what we’re going to be doing in responding to a number of reportable irregularities,” Marokane said.
“We will also work on deepening the culture of control and adherence to our control systems. As you can see, a number of these issues are really about the lack of doing what needs to be done as a routine on a regular basis.”
Read: Eskom tariff proposal: the cost of getting it wrong
Among corrective actions being taken by Eskom are the consolidation of its forensics, security and investigative functions under a single entity reporting directly the CEO; the establishment of a dedicated project management office to address findings from data analytics and external investigations; and the enforcement of discipline and adherence to internal controls. – © 2024 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here