Sellafield ‘is hacked by cyber groups linked to Russia and China’: Staff at UK’s most hazardous nuclear site are accused of ‘covering up’ IT breaches which date back ‘eight years’
Britain's largest nuclear site has been hacked by cyber groups closely linked to Russia and China, according to reports.
Sellafield in Cumbria is a former power station that now processes decades-old nuclear waste from across Britain – a job that makes it the most dangerous site in the country.
Officials would not know when the site was first hacked, but as early as 2015 they encountered sleeper malware, which can be used to spy on or attack systems.
It is not clear whether this malware is still present in computer systems, and its existence is concealed by senior employees. the guard reports.
Sources told the newspaper they fear foreign agents have gained access to the highest levels of confidential material at the two-square-kilometre site.
Sellafield said it had “no record or evidence” that Sellafield had been “successfully attacked by state actors.”
Officials don't know exactly when the Cumbrian site was compromised but say the breaches were discovered as early as 2015, according to reports
Working out the full extent of the hack and the threat it poses has been made more difficult by Sellafield's failure to alert the nuclear regulator for years, it is claimed.
The facility is used to process nuclear waste from decades of nuclear power generation and weapons programs, and houses the largest plutonium storage facility in the world.
It is owned by the government's Nuclear Decommissioning Authority and has 10,000 employees.
The site is guarded by armed police and is intended to be so secure that contingency planning documents are kept in case Britain is attacked by a foreign attack or suffers a disaster.
Reports have previously described a “toxic culture” of bullying, racism and sexual harassment at the factory, which workers warned could lead to a “disaster”.
One worker speaking in 2021 claimed bosses did nothing when he was 'racially taunted' by a driver driving through the factory. One woman said a senior manager asked if she had performed sexual favors to advance in the job.
Another claimed a line manager called his autistic employee a 'mong', while a Muslim employee said a trainer said the biggest threat was 'men with beards in slippers'.
In a letter to the bosses they said: 'He then singled me out and mockingly looked under the table at my shoes.'
Experts labeled the alleged behavior a “toxic culture” and a “recipe for disaster” due to the dangerous chemicals kept on site.
is owned by the government's Nuclear Decommissioning Authority and has 10,000 employees
A spokesperson for Sellafield Ltd said: “We have no data or evidence to suggest that Sellafield Ltd's networks have been successfully attacked by state actors in the manner described by the Guardian.
“Our monitoring systems are robust and we are confident that such malware does not exist on our system.
“At Sellafield we take cyber security very seriously.
“All our systems and servers have multiple layers of protection.
“Critical networks that allow us to operate securely are isolated from our general IT network, meaning an attack on our IT system would not penetrate them.”
A spokesperson for the Department for Energy Security and Net Zero said: 'We expect the highest standards of safety and security as former nuclear sites are decommissioned, and the regulator is clear that public safety in Sellafield will not be compromised.
“Many of the issues raised are historic and the regulator has been working with Sellafield for some time to ensure necessary improvements are made. We expect regular updates on how this is progressing.
'We have a zero-tolerance policy towards bullying, harassment and offensive behavior in the workplace. We expect that Sellafield and the CNC will operate on this basis, investigate allegations and take robust action.”