EHSL
Company Details
Linkedin ID:
eskom
Website:
Employees number:
42,043
Number of followers:
581,702
NAICS:
22
Industry Type:
Homepage:
eskom.co.za
IP Addresses:
0
Company ID:
ESK_6298407
Scan Status:
In-progress
Eskom Holdings SOC Ltd Company CyberSecurity Posture
eskom.co.za
Company profile Eskom Holdings generates, transports and distributes approximately 95% of South Africa’s electricity – making up 60% of the total electricity consumed on the African continent. Eskom is the world’s eleventh-largest power utility in terms of generating capacity, ranks ninth in terms of sales, and boasts the world's largest dry-cooling power station. Eskom Holdings’ Enterprises Division designs, builds and refurbishes Eskom’s assets, and acts as a catalyst for project development for the group. Eskom Enterprises’ main focus is to support Eskom Holdings and be the custodian of non-regulated businesses and offer strategic and commercial lifecycle services to the line divisions.
Eskom Holdings SOC Ltd A.I CyberSecurity Scoring
EHSL Risk Score (AI oriented)Between 750 and 799
EHSL
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
EHSL Global Score (TPRM)XXXX
EHSL
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
EHSL Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Eskom Holdings SOC Ltd
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Eskom, power utility organisation had security incident at its data center. The working of the systems were affected. The system worked slower than usual. Eskom had stage four load-shedding and increased power cuts.
EHSL Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for EHSL
Incidents vs Utilities Industry Average (This Year)
No incidents recorded for Eskom Holdings SOC Ltd in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Eskom Holdings SOC Ltd in 2026.
Incident Types EHSL vs Utilities Industry Avg (This Year)
No incidents recorded for Eskom Holdings SOC Ltd in 2026.
Incident History — EHSL (X = Date, Y = Severity)
EHSL cyber incidents detection timeline including parent company and subsidiaries
EHSL Company Subsidiaries
Company profile Eskom Holdings generates, transports and distributes approximately 95% of South Africa’s electricity – making up 60% of the total electricity consumed on the African continent. Eskom is the world’s eleventh-largest power utility in terms of generating capacity, ranks ninth in terms of sales, and boasts the world's largest dry-cooling power station. Eskom Holdings’ Enterprises Division designs, builds and refurbishes Eskom’s assets, and acts as a catalyst for project development for the group. Eskom Enterprises’ main focus is to support Eskom Holdings and be the custodian of non-regulated businesses and offer strategic and commercial lifecycle services to the line divisions.
Loading...
EHSL Similar Companies
E.ON
We are one of Europe's largest energy companies with the business areas of energy networks, energy infrastructure solutions and energy sales. It’s on us to make new energy work, and we are actively leading energy’s future – putting our customers first and delivering innovative solutions that help ad
NTPC Limited is India’s largest power generation utility with roots planted way back in 1975 to accelerate power development in India. Since then it has established itself as the dominant power major with a presence in the entire value chain of the power generation business. From fossil fuels, it ha
Tata Power is one of India’s largest integrated power companies and together with its subsidiaries and jointly controlled entities, has an installed/managed capacity of 14,294 MW. The Company has a presence across the entire power value chain - generation of renewable as well as conventional power i
Xunta de Galicia
A Xunta aparece definida no Estatuto de Autonomía, aprobado en 1981, como órgano colexiado do Goberno de Galicia. Na actualidade, a Xunta está composta polo presidente e dez conselleiros. A comunidade exerce as súas funcións administrativas a través da Xunta e dos seus entes e órganos dependentes.
NextEra Energy, Inc.
NextEra Energy, Inc. (NYSE: NEE) is one of the largest electric power and energy infrastructure companies in North America and is a leading provider of electricity to American homes and businesses. Headquartered in Juno Beach, Florida, NextEra Energy is a Fortune 200 company that owns Florida Power
Correos
Somos la empresa líder en comunicaciones físicas, digitales y de paquetería. Nuestra misión es prestar un servicio integral de calidad, ofreciendo soluciones y servicios en toda la cadena de valor del ecommerce con el objetivo de facilitar la vida a nuestros clientes. Distribuimos más de 5.100 millo
Pacific Gas and Electric Company, incorporated in California in 1905, is one of the largest combination natural gas and electric utilities in the United States. Based in San Francisco, the company is a subsidiary of PG&E Corporation. There are approximately 20,000 employees who carry out Pacific
Southern Company
Together with our subsidiaries, we deliver clean, safe, reliable and affordable energy to our 9 million customers. Our focus is doing so with service excellence. That means we are leaders who take action to meet our customers’ and communities’ needs while advancing our commitment to net zero emiss
PT PLN (Persero)
Indonesia State Electricity Corporation PLN has a long history in electricity industry of Indonesia. As the sole provider of electricity in Indonesia, PLN is striving to increase quality of services to all Indonesian. In 1972, in accordance with Government Regulation No.17, the State-owned Electric
.png)
EHSL CyberSecurity News
November 12, 2025 08:00 AM
Africa Tech Festival Awards 2025 honour Africa’s trailblazers in technology and innovation
The Africa Tech Festival Awards 2025 (https://AfricaTechFestival.com/), held on Wednesday, 12 November 2025 in Cape Town, brought together technology...
October 16, 2025 07:00 AM
Big changes for Eskom board
Cabinet has greenlit Eskom's new board, which remains chaired by Dr Mthetho Nyati as his term is yet to expire.
September 17, 2025 07:00 AM
South African court annuls permit for Eskom to build new gas power plant
One of South Africa's top courts on Wednesday annulled a government permit allowing state utility Eskom to build a large power plant burning...
August 05, 2025 07:00 AM
Another nail in the coffin for Eskom’s monopoly in South Africa
Lyra Energy, a renewable energy platform supplying power to industries, has been granted an electricity trading license in South Africa.
April 07, 2025 07:00 AM
Hardware vulnerabilities in Hitachi Energy, ABB, B&R ICS devices pose critical infrastructure threat
Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five ICS (industrial control systems) advisories...
March 12, 2025 07:00 AM
South Africa reduces Eskom debt relief package by a further $1.1 billion
South Africa said on Wednesday that it would reduce its debt relief package for state power utility Eskom by a further 20 billion rand ($1.1...
February 23, 2025 08:00 AM
South Africa faces highest level power cuts as generation units fail
South Africa's Eskom has managed to restore eight units at power plants after implementing its highest stage of controlled power cuts early...
December 19, 2024 08:00 AM
South Africa’s Eskom faces ‘existential problem’ as local councils fail to pay their bills
South Africa's government has warned that power utility Eskom is facing an “existential crisis” after the amount of unpaid bills owed by local municipalities...
December 19, 2024 08:00 AM
Eskom posts a R25.5 billion loss
The power utility yielding a profit of more than R10 billion in the 2024-25 financial year. This comes after a tumultuous 2023-24 year marred by 329 days of...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
EHSL CyberSecurity History Information
Official Website of Eskom Holdings SOC Ltd
The official website of Eskom Holdings SOC Ltd is https://http://www.eskom.co.za.
Eskom Holdings SOC Ltd’s AI-Generated Cybersecurity Score
According to Rankiteo, Eskom Holdings SOC Ltd’s AI-generated cybersecurity score is 797, reflecting their Fair security posture.
How many security badges does Eskom Holdings SOC Ltd’ have ?
According to Rankiteo, Eskom Holdings SOC Ltd currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Eskom Holdings SOC Ltd been affected by any supply chain cyber incidents ?
According to Rankiteo, Eskom Holdings SOC Ltd has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Eskom Holdings SOC Ltd have SOC 2 Type 1 certification ?
According to Rankiteo, Eskom Holdings SOC Ltd is not certified under SOC 2 Type 1.
Does Eskom Holdings SOC Ltd have SOC 2 Type 2 certification ?
According to Rankiteo, Eskom Holdings SOC Ltd does not hold a SOC 2 Type 2 certification.
Does Eskom Holdings SOC Ltd comply with GDPR ?
According to Rankiteo, Eskom Holdings SOC Ltd is not listed as GDPR compliant.
Does Eskom Holdings SOC Ltd have PCI DSS certification ?
According to Rankiteo, Eskom Holdings SOC Ltd does not currently maintain PCI DSS compliance.
Does Eskom Holdings SOC Ltd comply with HIPAA ?
According to Rankiteo, Eskom Holdings SOC Ltd is not compliant with HIPAA regulations.
Does Eskom Holdings SOC Ltd have ISO 27001 certification ?
According to Rankiteo,Eskom Holdings SOC Ltd is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Eskom Holdings SOC Ltd
Eskom Holdings SOC Ltd operates primarily in the Utilities industry.
Number of Employees at Eskom Holdings SOC Ltd
Eskom Holdings SOC Ltd employs approximately 42,043 people worldwide.
Subsidiaries Owned by Eskom Holdings SOC Ltd
Eskom Holdings SOC Ltd presently has no subsidiaries across any sectors.
Eskom Holdings SOC Ltd’s LinkedIn Followers
Eskom Holdings SOC Ltd’s official LinkedIn profile has approximately 581,702 followers.
NAICS Classification of Eskom Holdings SOC Ltd
Eskom Holdings SOC Ltd is classified under the NAICS code 22, which corresponds to Utilities.
Eskom Holdings SOC Ltd’s Presence on Crunchbase
Yes, Eskom Holdings SOC Ltd has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/eskom.
Eskom Holdings SOC Ltd’s Presence on LinkedIn
Yes, Eskom Holdings SOC Ltd maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/eskom.
Cybersecurity Incidents Involving Eskom Holdings SOC Ltd
As of January 25, 2026, Rankiteo reports that Eskom Holdings SOC Ltd has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Eskom Holdings SOC Ltd has an estimated 4,236 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Eskom Holdings SOC Ltd ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Eskom Data Center Security Incident
Description: Eskom, a power utility organisation, experienced a security incident at its data center. The working of the systems was affected, and they operated slower than usual. This led to stage four load-shedding and increased power cuts.
Type: Security Incident
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Security Incident ESK238221222
Systems Affected: Data Center
Operational Impact: Slower system performanceStage four load-sheddingIncreased power cuts
Which entities were affected by each incident ?
Incident : Security Incident ESK238221222
Entity Name: Eskom
Entity Type: Power Utility
Industry: Energy
Additional Questions
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Data Center.
.png)
Latest Global CVEs (Not Company-Specific)
Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L119
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L314
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L31
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L33
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9ae252-7e5f-4dc0-a162-100493b81980?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=eskom' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
