- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
Sellafield Pleads Guilty to Historic Cybersecurity Offenses
The organization managing the world’s largest stockpile of plutonium has pleaded guilty to all criminal charges, in a first-of-its-kind case related to historic cybersecurity failings.
A spokesman from the UK’s Office for Nuclear Regulation (ONR) acknowledged the plea in a brief statement, but also confirmed Sellafield’s assertion that it wasn’t hacked, as per previous media reports.
“We acknowledge that Sellafield Limited has pleaded guilty to all charges. There is no evidence that any vulnerabilities have been exploited,” he said.
“As the details of the case have yet to be heard in court, we are unable to provide further comments at this stage. A sentencing hearing has been scheduled for 10am on Thursday, August 8 at Westminster Magistrates Court.”
The charges relate to offenses spanning a four-year period (2019-23), when strict cybersecurity regulations “were not sufficiently adhered to,” according to lawyers acting for Sellafield.
That apparently includes a failure by the site to ensure sensitive information on its IT network was adequately protected.
“We have pleaded guilty to all charges and cooperated fully with ONR throughout this process. The charges relate to historic offences and there is no suggestion that public safety was compromised,” a Sellafield spokesperson told The Guardian.
A report published in December 2024 claimed that Russian and Chinese hackers had managed to access sensitive information potentially including details of emergency planning, movement of radioactive waste and monitoring for leaks.
It was claimed that successful intrusions featuring “sleeper malware” dated back to 2015, and that the site had failed to inform regulators for years about sub-par security, including unpatched critical vulnerabilities.
An insider told The Guardian that these issues only came to light after staff working at an external site realized they could access Sellafield’s servers, and subsequently reported it to the ONR.
Sellafield’s cybersecurity has reportedly now been described by its lawyers as “robust.”
