Full Extent of R2-Billion City of Ekurhuleni Hack Revealed

MyBroadband (South Africa), May 10, 2026

Why It Matters

The loss underscores the massive financial exposure municipalities face when governance and cyber defenses are inadequate, prompting heightened regulatory scrutiny and a push for stronger ICT oversight across South African local government.

Key Takeaways

  • R2 billion siphoned via compromised SOLAR billing system
  • Over 60 shared admin accounts enabled unchecked transaction changes
  • Insiders colluded with hackers, using keyloggers and malware
  • BCX provider cited for lax system controls, denies wrongdoing
  • Municipal suspensions and investigations follow, prompting security reforms

Pulse Analysis

The Ekurhuleni hack illustrates how legacy municipal systems can become a lucrative target when basic security hygiene is ignored. Attackers leveraged the SOLAR platform’s lack of multi‑factor authentication and shared administrator credentials to rewrite billing data, generate fraudulent clearance certificates, and route payments to shell entities. Insider participation amplified the breach, allowing malicious code—keyloggers and remote‑access tools—to persist despite attempted removal, highlighting the danger of unchecked privileged access in public‑sector IT environments.

Beyond the immediate R2 billion loss, the incident raises critical questions about vendor responsibility and oversight. BCX, the outsourced provider for core back‑end services, was criticized for insufficient audit trails and lax privilege management, though it denies direct culpability. The episode is likely to accelerate discussions among municipal councils, the Department of Cooperative Governance, and the National Treasury about mandatory cybersecurity standards, third‑party risk assessments, and the need for independent forensic capabilities to detect and respond to threats in real time.

For municipalities nationwide, the Ekurhuleni case serves as a cautionary tale that robust governance, continuous monitoring, and clear segregation of duties are non‑negotiable. Implementing role‑based access controls, regular penetration testing, and immutable logging can restore accountability and deter insider collusion. As regulators consider stricter compliance frameworks, cities that proactively upgrade their ICT controls will not only protect revenue streams but also rebuild public trust in digital service delivery.
