An employee of the UK Office for Nuclear Regulation (ONR) has lost an unencrypted USB memory stick containing a safety assessment of Hartlepool’s nuclear plant.
The assessment was carried out following the radiation scare at the Fukushima nuclear plant in March 2011, after an earthquake and tsunami hit Japan.
After the incident, EU governments agreed that all 143 of Europe's nuclear plants should undergo stress testing to common standards.
The ONR, which seeks to protect people from the hazards of the nuclear industry, is an agency of the UK’s Health and Safety Executive (HSE).
The USB stick containing the Hartlepool assessment went missing during a conference in India, according to The Guardian.
But the ONR claims that no "significantly sensitive" data was lost, and that most of the report has since been put in the public domain.
However, the ONR is investigating why the employee was using an unencrypted USB memory stick for documents with a security classification, which breaches ONR policy.
Terry Greer-King, UK managing director for security firm Check Point, said the loss of the memory stick highlights the risks that businesses expose themselves to when using unencrypted devices.
“In November 2011, we surveyed 320 UK public and private sector firms, and 50% of them were not encrypting data on USB sticks despite the high-profile security breaches of recent years. So these events are likely to keep on occurring,” he said.
Mark Darvill, chief technology officer at security firm AEP Networks, said data in high-risk industries such as the nuclear industry should always be encrypted.
“What may seem mundane to some is a treasure trove of potentially damaging information in the wrong hands,” he said.
According to Darvill, critical infrastructure providers are already a prime target both for the common cyber-criminal and for rogue foreign states.
“There would be nothing to stop an opportunist coming into contact with this stick from selling this material to the highest bidder. Any critical infrastructure provider or contractor working for them needs to ensure it has the highest levels of security deployed, to stop cyber-attacks at the first hurdle,” he said.