Sellafield Ltd Fined £330,000 for Cybersecurity Failures

The nuclear site operator admitted to multiple breaches over four years, exposing sensitive information to potential threats.

Sellafield Ltd was fined £332,500 and ordered to pay £53,253 in prosecution costs by Westminster Magistrates' Court.
The Office for Nuclear Regulation (ONR) found that Sellafield had failed to protect vital nuclear information from unauthorized access and potential cyber threats.
The cybersecurity breaches, which spanned from 2019 to 2023, left 75% of Sellafield's computer servers vulnerable to attacks.
No successful cyber-attacks or data losses were reported, but the failings were deemed serious and bordering on negligence.
Recent improvements in cybersecurity have been noted under new leadership at Sellafield, with ongoing regulatory scrutiny to ensure compliance.