India

Files relating to India's largest nuclear power plant Kudankulam exposed in data breach

Ransomware group World Leaks posted files it says are from Kudankulam nuclear plant contractor Reliance Group

avatar-icon

News Desk

The News Desk provides timely and factual coverage of national and international events, with an emphasis on accuracy and clarity.

Files relating to India's largest nuclear power plant Kudankulam exposed in data breach

Police patrol on a beach near Kudankulam nuclear power project in the southern Indian state of Tamil Nadu.

Reuters

A ransomware group has published thousands of files it claims are linked to India's largest nuclear power plant, including purported blueprints, supplier information and internal project records. The plant's contractor described it as a partial data breach.

Reuters could not independently verify the documents' authenticity and the incident is under investigation by Indian authorities.

What happened in the Kudankulam nuclear plant data breach?

Ransomware group World Leaks posted the files on the dark web, saying the data came from Reliance Group, a contractor on the Kudankulam Nuclear Power Plant in Tamil Nadu.

Nearly 19,000 files tied to the plant went online, and Reliance Group confirmed a "partial breach" involving data stored on a third-party server. Indian authorities are now investigating the incident.

Why does the Kudankulam plant matter to India's energy plans?

Kudankulam is India's largest of seven nuclear power plants and is central to Prime Minister Narendra Modi's plans to expand the country's nuclear power generation capacity.

Reliance Infrastructure, a Reliance Group subsidiary led by businessman Anil Ambani, secured a 2018 contract to design and build infrastructure for Units 3 and 4 of the project.

Those two reactors are under construction and expected to become operational by 2027, adding 2,000 megawatts of generating capacity.

What did Reliance Group say about the breach?

Reliance Group said in a statement to Reuters that a "partial breach" had occurred involving data stored on a server hosted by third-party data center operator Yotta.

The company said it had informed the Indian government of the incident but did not disclose what specific information had been compromised.

Yotta said it detected suspicious activity on May 29, terminated it immediately, and believed it had prevented a ransomware attack before Reliance Infrastructure later reported that threat actors had claimed a breach.

What was in the leaked files?

Reuters reviewed the documents, dated between 2016 and mid-2025, but could not verify their authenticity. The cache included engineering blueprints, supplier lists, meeting and inspection records, equipment review documents and insurance policies. The 19,000 files appeared to be the most sensitive subset of roughly 858,000 Reliance-related files published by World Leaks.

The leaked material did not appear to involve the reactors' core systems, which are supplied by Russia's state-owned Rosatom.

It did include apparent blueprints for ventilation and cooling systems serving Units 3 and 4, a floor plan of a common control room, vendor proposals, an approved supplier list, records of a 2024 joint inspection by NPCIL and Reliance, equipment photographs, and what appeared to be a $112 million insurance policy covering terrorism-related damage to either reactor.

Who is World Leaks?

World Leaks is a ransomware group known for targeting major corporations, including India's Tata Group, and typically publishes stolen data after victims refuse ransom demands. Its website is accessible only through specialized software, and the group did not respond to Reuters' requests for comment.

In June, World Leaks told Reuters it had demanded $1.5 million from Tata Group over files tied to clients Apple and Tesla, and released the data after the company ignored the demand.

Comments

See what people are discussing