THE UK’s most hazardous nuclear site is being investigated amid concerns over its vulnerability to cyber attack.

Sellafield, home to the largest store of plutonium on the planet, has been placed into ‘special measures’ by regulators because its cyber security does not meet standards. But yesterday the nuclear site denied reports it has ever been hacked by a hostile state group.

A report in The Guardian claimed that cyber groups linked to Russia and China had infiltrated its IT systems as far back as 2015, citing sources suggesting that foreign hackers had likely ‘accessed the highest echelons of confidential material’.

But both Sellafield and the Office for Nuclear Regulation (ONR) denied any breach yesterday. The regulator acknowledged that cyber security has been a concern at the Cumbrian site. But sources said there was no evidence to suggest an attack by a foreign state had ever taken place.

Last year the watchdog was forced to take ‘enforcement action’ due to cyber security ‘shortfalls’. A report revealed: ‘Sellafield made limited progress in ensuring adequate cyber security arrangements and we took enforcement action.’

The ONR is now said to be considering prosecution for cyber failings. In one blunder, a password for a secure nuclear IT system was broadcast on TV by the BBC1 nature series Countryfile when crews were invited into the secure site for a report on rural communities and the nuclear industry.

Claims that public safety is at risk due to sleeper malware – software that can lurk and be used to spy or attack systems – being embedded in Sellafield’s computer networks by a hostile state were denied.

A Sellafield spokesman said: ‘Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

‘We take cyber security extremely seriously at Sellafield.’