Data Breach Exposes Files Linked to India’s Largest Kudankulam Nuclear Power Plant

Leak exposes purported blueprints of parts of nuclear plant's facilities, supplier details

Stay Connected, Stay Informed - Follow News Alert on WhatsApp for Real-time Updates!

NEW DELHI: A major cybersecurity incident has exposed thousands of files allegedly related to the Kudankulam Nuclear Power Plant, India’s largest nuclear facility, after ransomware group World Leaks published a cache of documents on the dark web.

According to Reuters, the leaked material includes what are described as blueprints of parts of the plant’s infrastructure, supplier information, inspection records, equipment reviews, meeting documents, and insurance policies. While Reuters reviewed the documents, it was unable to independently verify their authenticity.

The ransomware group claimed the data originated from Reliance Group, one of the contractors involved in the nuclear power project.

Reliance Confirms Partial Data Breach

Reliance Group, led by Indian businessman Anil Ambani, acknowledged that a partial data breach had occurred.

In a statement to Reuters, the company said the incident affected data stored on a server hosted by Yotta, a third-party Indian data centre service provider. Reliance added that the matter has been reported to the Indian government but did not specify which files or systems were compromised.

The leaked collection reportedly contains around 19,000 sensitive files, forming part of a much larger archive of approximately 858,000 Reliance-related files posted on the World Leaks website.

Kudankulam’s Strategic Importance

Located in the southern Indian state of Tamil Nadu, the Kudankulam Nuclear Power Plant is the largest among India’s seven operational nuclear power plants and plays a key role in Prime Minister Narendra Modi’s strategy to significantly expand the country’s nuclear energy capacity.

Reliance Infrastructure secured a contract in 2018 to design and build infrastructure for Units 3 and 4, both of which remain under construction. Once operational, the two reactors are expected to generate a combined 2,000 megawatts (MW) of electricity, with commissioning currently planned for 2027.

Cybersecurity Experts Warn of Potential Risks

Although the leaked documents do not appear to involve the reactors’ core nuclear systems—which are supplied by Russia’s state-owned Rosatom—cybersecurity experts say the exposed information could still pose security concerns.

The files reportedly include layouts of ventilation and cooling systems, what appears to be the floor plan of a common control room, approved supplier lists, vendor proposals, inspection records, and photographs of equipment.

Nickolas Roth, Senior Director at the Nuclear Threat Initiative (NTI), warned that such information could potentially allow malicious actors to map the facility’s support infrastructure, identify suppliers, and detect possible weaknesses in the plant’s broader security chain.

He noted that even if core reactor systems remain unaffected, exposing operational and infrastructure-related information could present a serious security challenge.

Ram Temple Trust Reshuffles Leadership After Donation Theft Allegations in India

Investigation Underway

According to a source familiar with the matter, India’s Nuclear Power Corporation of India (NPCIL) has been coordinating with Reliance over the incident, while the Indian Computer Emergency Response Team (CERT-In) has launched an investigation.

NPCIL Chairman Rajesh Veeraraghavan, CERT-In, and the Indian government’s main press office did not respond to Reuters’ requests for comment.

Meanwhile, Yotta stated that it detected suspicious activity on a Reliance Infrastructure server on May 29. The company said the activity was immediately stopped and a suspected ransomware attack was prevented.

However, Yotta added that at the end of June, Reliance informed it that external threat actors had claimed responsibility for a data breach. While Yotta has not independently verified those claims, it said it has shared its technical findings with Reliance and continues to support the ongoing investigation.

India’s Department of Atomic Energy declined to comment, while the Prime Minister’s Office also did not respond to Reuters’ queries.

Insurance and Facility Documents Among Leaked Files

Among the documents reportedly posted online is an insurance policy indicating that Reliance Infrastructure and NPCIL had secured coverage worth approximately $112 million against potential terrorist attacks affecting Units 3 or 4.

The leaked material also includes documents related to supplier approvals, joint inspections conducted in 2024, equipment assessments, and infrastructure planning.

Experts caution that while none of these documents alone confirms a direct threat to reactor safety, collectively they could provide valuable intelligence to cybercriminals or hostile actors seeking to understand the facility’s operational environment.

India’s Growing Cybersecurity Challenge

The incident highlights the increasing frequency of cyberattacks targeting major organisations in India.

According to cybersecurity company Surfshark, India ranked third globally in data breaches last year, with approximately 28.9 million user accounts compromised, behind only the United States and France.

A separate report published by the Data Security Council of India and cybersecurity firm Seqrite found that 73% of surveyed organisations were unaware whether they had previously experienced a cyberattack, while 57% lacked basic cyber hygiene practices, underscoring significant gaps in cybersecurity preparedness.

Second Cyber Incident Linked to Kudankulam

This is not the first time the Kudankulam Nuclear Power Plant has been associated with a cybersecurity incident.

In 2019, malware linked to a North Korean hacking group was discovered on the plant’s administrative network. At the time, the Nuclear Power Corporation of India stated that the matter had been investigated immediately and confirmed that the plant’s operational and reactor systems were not affected.

The latest incident has once again drawn attention to the cybersecurity risks facing critical infrastructure projects, particularly those linked to the energy and nuclear sectors, where protecting sensitive operational data remains a national security priority.

Leave a Comment

This material may not be published, broadcast, rewritten, redistributed or derived from.
Unless otherwise stated, all content is copyrighted © 2025 News Alert.