Latest News

Data breach exposes files relating to India's largest Nuclear Power Plant Kudankulam

World Leaks, a ransomware group, has released on the dark Web a large cache of files relating to India's largest nuclear plant. These include purported blueprints for parts of its facilities as well as supplier details. The information was labelled by World Leaks as being from Reliance Group.

Kudankulam Nuclear Power Plant is located in the southern state of Tamil Nadu and is the largest among India's seven nuclear plants. It's also the center of Prime Minister Narendra Modi’s ambitious plans to increase the country's capacity for?atomic energy?.

Reliance Group of Indian businessman Anil Ambani, one of the plants' contractors, said in a press release that there was a "partial compromise" of their data on a server that is hosted by a third-party Indian provider of data centres, Yotta. The government has also been informed of the incident.

Reliance has not disclosed what data was compromised.

Nickolas Rot, senior director of the Nuclear Threat Initiative (NTI), which advises government and benchmarks country preparedness for nuclear security, believes that the data breach could present a "serious risk" to the safety at the plant. Hacking has become increasingly common in India where companies are not well-equipped to handle such threats.

The documents were dated between 2016 and mid-2025. However, we could not verify their authenticity. They purportedly include blueprints, supplier details, meeting and inspection records as well as equipment reviews and insurance policy.

The 19,000 files seemed to be the most sensitive out of the 858,000 Reliance documents on the World Leaks site.

Reliance Infrastructure won the contract to design and construct the infrastructure for Unit 3 and Unit 4 of the plant in 2018. Reliance Infrastructure, one of the conglomerate's subsidiaries, won a contract in 2018 to design and build infrastructure for Unit 3 and Unit 4 at the plant.

World Leaks did not answer any questions about the Reliance data breach. The group is well-known for targeting Nike and India's Tata Group. The group usually posts stolen corporate information on its website when companies refuse to pay the demanded ransom. The website is only accessible with a special browser.

World Leaks announced in June that it had demanded $1.5 million for files belonging to the Tata Group that contained confidential designs of Apple and Tesla clients. It added that it released the data when Tata "ignored its"?demand.

SUSPICIOUS ACTIVITY ON SERVER MAY

According to a source with knowledge of the situation, the Indian Computer Emergency Response Team, India's principal cybersecurity agency, has been in contact with Reliance regarding the breach. Source declined to identify themselves due to the sensitive nature of the matter.

CERT-In, the main government press office and Nuclear Power Corporation chairman Rajesh Veeraraghavan did not respond to requests for comment.

Yotta stated in a press release that it noticed suspicious activity on May 29, on a server hosted by it and owned by Reliance Infrastructure. The activity was stopped immediately and the ransomware was not executed, it said. However, Reliance Infrastructure informed them at the end June that "external threats actors" had claimed to have breached data.

Yotta stated that it was unable to verify the claims made by the "threat-actor", but it added that they had shared their detailed technical investigation with Reliance Infrastructure, and supported an ongoing investigation.

Modi's office declined to respond to questions, and the Department of Atomic Energy in India refused to comment.

Blueprints and Insurance Policies

World Leaks documents do not seem to be related to the core systems of nuclear reactors, which are supplied by Rosatom.

The documents did include purported blueprints of the ventilation and cooling system used in Unit 3 & Unit 4 as well as what looked like the "complete floor plan" of a "common controls room".

The files also included what appeared as vendor proposals, a supplier list, and an account of a meeting in 2024 about a joint Inspection by the Nuclear Power Corporation, Reliance with photos of equipment.

A document claims to show Reliance Infrastructure, the Nuclear Power Corporation and others had purchased an insurance policy that would have entitled them to $112,000,000 if Unit 3 or Unit 4 suffered an act of terror.

Researchers say that if the files were in the hands a bad actor, they could theoretically be used to map out the plant's systems of support, identify its suppliers, and pinpoint its weaknesses in security.

Roth, from the Nuclear Threat Initiative, said that they could "show an enemy not only who has access but also which systems this access reaches."

According to the cybersecurity company Surfshark, India is third on a list of countries that suffered the most data breaches. With 28,9 million compromised accounts?last year it was only behind the United States and France.

In a report released last year, the Data Security Council of India (DSCI) and cybersecurity firm Seqrite found that 73% of the 204 organizations surveyed in India were "unaware" if they had ever been attacked. Meanwhile, 57% lacked cyber hygiene practices.

In 2019, malware linked to a North Korean hacker team was found on the administrative network of the plant. The Nuclear Power Corporation at the time said that the matter was investigated instantly and the plant systems were unaffected. (Reporting from Munsif Vegattil, Bengaluru; Aditya Kalra, New Delhi; editing by Edwina G. Gibbs).

(source: Reuters)