MoD blamed for nuclear submarine information leak

The Ministry of Defence (MoD) could become embroiled in a diplomatic row after a basic security error led to data on nuclear submarines being exposed on the internet.

The department was responding to a Freedom of Information request by anti-nuclear activists when it published a report with sensitive information blacked out on how nuclear submarines could cope in a challenging incident online. 

But the report, which was written in 2009 and contained information on US naval submarines, could be read in full by anyone who copied and pasted it into word processing software, including the sections that had been blacked out.

A reporter from the Daily Star Sunday first alerted the MoD to the blunder, after which the original report was taken down and replaced by a properly redacted version.

An MoD spokesperson was "grateful" for having had the matter brought to the department’s attention. "We take nuclear security very seriously and we are doing everything possible to prevent a recurrence of this," the spokesperson said.

But a senior MoD source has also been widely reported as saying that "the Americans will be furious that their procedures have been exposed".

Following the exposure, a number of other similar blunders have come to light involving other government departments, according to the Daily Mail web site. 

Some involved the same copy-and-paste error, while others relied only on marker pen to delete sensitive information, which still revealed the text if held up to the light. It was not clear what information these other documents contained at the time of writing.

An MoD review conducted last year highlighted a number of cyber security shortcomings.

The Information Commissioner's Office would not be drawn on whether it would be investigating the incident.

"When redacting information from a freedom of information request organisations must ensure that they use an appropriate redaction tool to ensure the information is correctly withheld," it said in a statement.

"The organisation should also have the necessary policies and procedures in place and that staff are fully trained on how to redact documents correctly prior to publication."