Files related to India’s largest Kudankulam nuclear power plant exposed in data breach | Today’s news
Ransomware group World Leaks has published on the dark web a huge cache of files related to India’s largest nuclear power plant, including alleged blueprints for parts of its equipment and details of suppliers – information it has identified as coming from the Reliance Group.
Located in the southern state of Tamil Nadu, the Kudankulam nuclear power plant is the largest of India’s seven nuclear power plants and is central to Prime Minister Narendra Modi’s ambitious plans to expand the country’s nuclear power capacity.
Indian businessman Anil Ambani’s Reliance Group, one of the plant’s suppliers, told Reuters in a statement that there had been a “partial breach” of its data on a server hosted by third-party Indian data center services provider Yotta and that the government had been informed of the incident.
Reliance did not disclose what data was breached.
A data breach could pose a “serious” risk to plant security, says Nickolas Roth, senior director of the Nuclear Threat Initiative, which advises governments and assesses countries’ nuclear security preparedness. The breach also underscores how hackers have become more common in India, where many companies are ill-equipped to deal with such threats.
Nearly 19,000 files totaling 14.3 gigabytes that appear for the search term “KKNP” — short for nuclear power plant — in the data were online as of June 11, according to independent cybersecurity researcher Rakesh Krishnan, who first reported the leak to Reuters.
Reuters reviewed the documents, which were dated between 2016 and mid-2025, but could not verify their authenticity. In addition to some plans and contractor details, they reportedly show meeting and inspection records, equipment reviews and insurance policies.
The 19,000 files appeared to be the most sensitive of the total 858,000 Reliance files on the World Leaks website.
One of the conglomerate’s subsidiaries, Reliance Infrastructure, was awarded the contract in 2018 for the design and construction of infrastructure for the 3rd and 4th units of the power plant. The two units, which are still under construction, are expected to be operational by 2027 and provide a combined capacity of 2,000 megawatts.
World Leaks, a well-known ransomware group that previously targeted Nike and India’s Tata Group, did not respond to questions from Reuters about the Reliance data breach. The group typically publishes stolen company data on its website after companies refuse to pay the ransom demanded. Its website can only be accessed using a specialized browser.
In June, World Leaks told Reuters it had demanded a $1.5 million ransom for Tata Group files that contained confidential component designs from clients Apple and Tesla, adding that it released the data after Tata “ignored” its demand.
Suspicious activity on the server in May
The Nuclear Power Corporation of India, which commissions and operates the country’s nuclear power plants, has communicated with Reliance about the breach, and India’s main cyber security agency – the Indian Computer Emergency Response Team (CERT-In) – is investigating the incident, according to a source familiar with the matter. The source declined to be identified due to the sensitivity of the issue.
Nuclear Power Corporation chairman Rajesh Veeraraghavan, CERT-In and the government’s chief press office did not respond to repeated requests for comment.
In a statement, Yotta said it noticed suspicious activity on a server it hosts, which belongs to Reliance Infrastructure, on May 29. It said the activity was immediately shut down and that the suspected ransomware was prevented, but Reliance Infrastructure informed it in late June that “complaints of a data breach have been made by external threat actors”.
Yotta said it was unable to verify the “threat actor” claim, but added that it had shared its detailed technical investigation with Reliance Infrastructure and was supporting the ongoing investigation.
India’s Ministry of Atomic Energy declined to comment, while Modi’s office did not respond to inquiries from Reuters.
Plans and insurance policies
The documents published on World Leaks do not appear to relate to nuclear reactor core systems supplied by Russia’s state-owned Rosatom.
They contained purported blueprints of the ventilation and cooling systems used in Unit 3 and Unit 4, as well as what appeared to be a complete floor plan of the “common control room”.
The files also contained what appeared to be contractor proposals, a list of approved contractors, and a record of a 2024 meeting on a joint inspection by Nuclear Power Corporation and Reliance with photos of the facility.
Another document purports to show that Reliance Infrastructure and Nuclear Power Corporation have taken out an insurance policy that would entitle them to $112 million if Unit 3 or Unit 4 were to suffer a terrorist attack.
According to the researchers, the files in the hands of bad actors could theoretically be misused to map the plant’s support systems, identify its suppliers and pinpoint weaknesses in its security chain.
They could “show adversaries not only who has access to the project, but also which systems that access is going to,” said Roth of the Nuclear Threat Initiative.
According to cyber security firm Surfshark, India ranks third in the list of countries most affected by data breaches, with 28.9 million accounts compromised last year, behind only the United States and France.
A report last year by the Data Security Council of India and cyber security company Seqrite said that of 204 organizations surveyed across India, about 73% were “not aware if they have ever been hacked”, while 57% lacked cyber hygiene practices.
It is also the second time the Kudankulam power plant has been linked to a cyber incident, with malware linked to a group of North Korean hackers found in the plant’s administrative network in 2019. At the time, the Nuclear Power Corporation said the matter was immediately investigated and the plant’s systems were not affected.