An employee of the Health and Safety Executive lost an unencrypted USB data stick containing nuclear 'stress test' data, the watchdog has admitted. The Office for Nuclear Regulation (ONR) staff member lost the data on Hartlepool Nuclear Power Station at a conference in India in November, ZDNet UK understands.
"An ONR member of staff lost an unencrypted USB pen drive containing the licensee's 'stress test' of a UK nuclear power station, which is a safety assessment of the station," ONR said in a statement on Friday.
The watchdog downplayed the nature of the leak, saying the stick "did not contain any significantly sensitive information."
The European Commission initiated a stress-test programme of European nuclear facilities after the nuclear crisis at Fukushima in Japan in March. The aim of the stress tests was to simulate conditions at Fukushima, and gauge how European nuclear facilities would respond.
Much of the data in the stress tests was published, ONR said in a statement. The data contained on the stick was safety data, and included unpublished details such as photographs of the Hartlepool facility, ZDNet UK understands.
The use of the unencrypted data stick contravened ONR policy, the watchdog said in its statement. ZDNet UK understands that ONR has taken action regarding the employee.
"An internal investigation has been undertaken by ONR," the watchdog added.
Data on critical infrastructure facilities should be encrypted as a matter of course, SSL and VPN company AEP Networks said on Friday.
"Data in high risk industries such as this should always be encrypted if there's any chance it could leave the building," said AEP Networks chief technology officer Mark Darvill in a statement.