Nuclear secrets revealed after unencrypted USB stick found in Cumbria hotel room

Fortunately for the security of the Sellafield nuclear materials handling site, the USB stick has been handed in to the authorities.

Commenting on the incident, Credant Technologies, the endpoint data security specialist, said that the stick contained details of the nuclear firm's proposed workforce transfer from its Capenhurst operation in Cheshire to pan-European uranium specialist Urenco.one.

"This fact alone is from heaven to enemies of the UK, especially since the data on the USB stick suggested that International Atomic Energy technicians visiting the site were not sufficiently up to speed", said Sean Glynn, the firm's vice president.

According to Credant vice president, whilst the convenience of USB sticks make them an important tool for any business, you don't have to be a nuclear scientist to know that the data carried on these devices must be protected.

Corporate USB sticks, says Glynn, should always include encryption and other forms of security as a basic requirement because, as this incident clearly shows, unencrypted data can, and does, fall into the wrong hands.

And in the case of Sellafield, he added that the data on the USB stick falls firmly into the kind of information which has national security implications, especially with the UK currently being on heightened terrorist alert.

The discovery of this data on a USB stick in a hotel room, said Glynn, is the kind of plot that would do justice to a John Le Carre thriller novel, rather than real-life hotel in deepest Cumbria.

"But here we have a coach driver making a discovery that has serious national security overtones", he said, adding that it is of great concern that Sellafield does not have policies and procedures in place to encrypt or otherwise protect the data on USB sticks.

"As the coach driver is quoted as saying in the local press, what if the USB stick had fallen into the hands of terrorists, or contained top secret information?", he noted.

"Sellafield has done the right thing in launching an investigation, but this is a potentially serious breach of data security on several levels, with national security overtones."

What’s hot on Infosecurity Magazine?