Data breach exposes files linked to India's Kudankulam nuclear plant
A large cache of files purportedly linked to India’s Kudankulam nuclear plant has surfaced on the dark web following a data breach involving Reliance Group. The documents reportedly include blueprints, supplier details and inspection records.

NEW DELHI: A ransomware group has posted a large cache of files on the dark web that it says are tied to India’s Kudankulam Nuclear Power Plant, including purported facility blueprints and supplier information linked to Reliance Group.
Kudankulam, in the southern Indian state of Tamil Nadu, is the biggest of India’s seven nuclear power plants and is a key part of Prime Minister Narendra Modi’s plans to expand the country’s nuclear energy capacity. Reuters reviewed the files, dated from 2016 to mid-2025, but said it could not authenticate them. The material reportedly includes blueprints, supplier details, meeting and inspection records, equipment reviews and insurance papers.
Reliance Group, owned by businessman Anil Ambani and one of the contractors at the plant, said in a statement to Reuters that there had been a partial breach of its data on a server hosted by Indian data centre company Yotta. The company said the government had been informed, but did not specify which data had been compromised.
The files published by World Leaks appeared to include 19,000 documents considered among the most sensitive within a larger set of 858,000 Reliance files available on the group’s website. World Leaks is known for posting allegedly stolen corporate data after ransom demands are not met. It has previously targeted Nike and India’s Tata Group. In June, the group told Reuters it had demanded $1.5 million over Tata Group files containing confidential component designs belonging to Apple and Tesla, and said it released the data after Tata ignored its demand.
Server activity and investigation
According to Yotta, suspicious activity was detected on May 29 on a server it hosts for Reliance Infrastructure. The company said the activity was stopped immediately and that suspected ransomware execution was prevented. However, it said Reliance Infrastructure later informed it at the end of June that external threat actors had claimed a data breach.
Yotta said it has not been able to verify the threat actors’ claims, but has shared the findings of its technical investigation with Reliance Infrastructure and is supporting the ongoing probe.
According to a source familiar with the matter, the Nuclear Power Corporation of India, which builds and operates the country’s nuclear plants, has been in contact with Reliance over the incident, while the Indian Computer Emergency Response Team is also examining the breach. The source was not named because of the sensitivity of the issue.
Nuclear Power Corporation Chairman Rajesh Veeraraghavan, CERT-In and the Indian government’s main press office did not respond to repeated requests for comment, Reuters reported. India’s Department of Atomic Energy declined to comment, while Modi’s office also did not respond to Reuters queries.
Nature of the exposed files
The documents posted by World Leaks do not appear to concern the reactors’ core systems, which are supplied by Russia’s state-owned Rosatom. But they reportedly include blueprints for ventilation and cooling systems for Unit 3 and Unit 4, along with what appeared to be the complete floor layout of a common control room.
The leaked material also appeared to include vendor bids, an approved suppliers list, and records from a 2024 meeting concerning a joint inspection by the Nuclear Power Corporation and Reliance, including equipment photographs. Another document purportedly shows that Reliance Infrastructure and the Nuclear Power Corporation obtained an insurance policy worth $112 million in the event that either Unit 3 or Unit 4 suffers an act of terrorism.
Reliance Infrastructure secured the contract in 2018 to design and build infrastructure for Units 3 and 4. Both units are still under construction and are expected to begin operating by 2027, adding a combined 2,000 megawatts of generation capacity.
Security concerns and wider context
Nickolas Roth, senior director at the Nuclear Threat Initiative, said the breach could create serious safety concerns for the plant. In comments carried by Reuters, he said the files could help hostile actors understand support systems, identify suppliers and locate potential weak points in the facility’s security chain.
He said the documents could
show an adversary not just who has access to the project but which systems that access reaches,
India has been among the countries most affected by data breaches, according to cybersecurity company Surfshark, which said 28.9 million accounts were compromised there last year, the third-highest total after the United States and France. A report issued last year by the Data Security Council of India and cybersecurity firm Seqrite said 73% of 204 organisations surveyed were unaware whether they had ever been attacked, while 57% lacked cyber hygiene practices.
This is also the second time Kudankulam has been associated with a cyber-related incident. In 2019, malware linked to a North Korean hacking group was found on the plant’s administrative network. At the time, the Nuclear Power Corporation said the matter had been investigated immediately and that plant systems were not affected.
Comments
No comments yet. Be the first to join the discussion!







