Kudankulam nuclear data breach creates ‘absolute uproar’ among top designers: sources
KKNPP is building four more similar units with Russian technical know-how at Kudankulam, which is to house India’s largest nuclear park with reactors generating 6,000 MW of nuclear power. File photo for representational purposes only. | Photo credit: Reuters
The highly sensitive files of the Kudankulam Nuclear Power Project (KKNPP), which were allegedly accessed by a ransomware group from a contractor’s server, have caused “absolute uproar”, sources at KKNP said on Wednesday (15 July 2026).
After commissioning two 1,000 Mwe VVER reactors, KKNPP is building four more similar units with Russian technical know-how at Kudankulam, where India’s largest nuclear park with reactors generating 6,000 MW of nuclear power is expected to be located.
According to a report by Reuters, more than 19,000 highly sensitive files from 2016 to mid-2025 related to KKNPP technical plans related to control, cooling and ventilation systems, list of vendors and suppliers supplying equipment, operational files of meeting notes, reviews of joint inspections by Indian and Russian engineers, insurance policies, etc. were made available by the well-known World Ransomware group.
The leak is said to have originated from a server hosted by a third-party provider, Yotta, belonging to power supplier Anil Ambani’s Reliance Group, which admitted that a “partial breach” had indeed occurred and declined to specify the nature of the data accessed by the dark web.
Reliance Group’s Reliance Infrastructure was awarded a contract in 2018 to build the infrastructure for Rectors 3 and 4, both under construction.
Sources at the KKNPP admitted that there was “absolute uproar” among top officials of the upcoming nuclear park, who were completely clueless, about this adverse development, which poses a serious security threat as it allows adversaries to map the support system and identify vulnerabilities.
“Suspicious activity on the Yotta server was noticed on May 29 last May and was reported at the end of June. Investigations by the Nuclear Power Corporation of India Limited (NPCIL), the project proponent, and the Computer Emergency Response Team are ongoing,” the sources said.
When KKNPP faced a similar incident in 2019 where a North Korean malware infection in its administrative network exposed KKNPP’s vulnerability, NPCIL just dismissed it saying that their “unbreakable stand-alone network” was intact and no dark web had access to any data.
Neither KKNPP Site Manager Ashok Bhatiya nor Vice President Sunil, Station Manager (1 & 2) could be reached for comment on this sensitive issue.
Also read | Russia is supplying fuel for the third Kudankulam reactor
Senior human resources and public relations manager Kannan, who usually interacted with the media for occasional press statements, also did not take repeated calls.
Several NPCIL sources confirmed the data breach. However, a senior official said, “The leaked files are not related to KKNPP power plant safety or nuclear safety. They are common files common to any thermal power plant.”
Published – 15 Jul 2026 20:56 IST