The company in charge of operating the Sellafield nuclear waste processing and decommissioning site has been fined £332,500 by the Office for Nuclear Regulation (ONR) for its inadequate cybersecurity practices spanning from 2019 to 2023, which violated the UK's Nuclear Industries Security Regulations 2003. The news follows a report by The Guardian in December 2023 that groups linked to Russia and China hacked the site.
The ONR confirmed that although Sellafield's IT systems were left vulnerable to unauthorised access and data theft due to poor cybersecurity measures, there is no evidence of these vulnerabilities being exploited. ONR's senior director of regulation, Paul Fyfe, expressed disappointment in Sellafield's prolonged failure to address known security issues effectively, leading to the imposition of the financial penalty.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
