A ransomware group has published thousands of files allegedly related to India's largest nuclear power plant, Kudankulam. Experts warn that this could pose a 'serious' risk to the facility's security.
Details of the Data Leak
The hacker group World Leaks posted over 19,000 confidential documents concerning the Kudankulam Nuclear Power Plant in Tamil Nadu on the dark web. These documents are part of a larger set of approximately 858,000 files reportedly stolen from Reliance Group, one of the project's contractors.
Reliance Group confirmed a 'partial breach' of data on a server hosted by the third-party Indian data center Yotta. The company informed Reuters that the government was notified but did not disclose which specific data was compromised.
Content of the Stolen Materials
Reuters examined the leaks, dated from 2016 to mid-2025, but could not verify their authenticity. According to reports, the files include engineering drawings of ventilation and cooling systems, floor plans of the main control room, equipment inspection reports, supplier lists, vendor proposals, meeting minutes, and insurance policies.
These documents primarily relate to Blocks 3 and 4 of the Kudankulam plant, which are currently under construction and are planned for commissioning by 2027. Apparently, they do not contain designs for the main nuclear reactor systems supplied by the state Russian company Rosatom.
Expert Opinion on Risks
Nicholas Roth, Senior Director at the Nuclear Threat Initiative, stated that this leak could present a 'serious' risk to the plant's security. He told Reuters that attackers could reveal an adversary not only who has access to the project but also to which systems that access extends.
Despite the lack of evidence compromising the operational reactor systems, cybersecurity experts believe the obtained information could be valuable to hostile actors. Attackers could potentially exploit vulnerabilities in associated infrastructure or third-party suppliers.
Investigation Progress
According to a source familiar with the matter, the investigation into the breach is being conducted by India's Computer Emergency Response Team in collaboration with the Atomic Energy Corporation of India. Yotta, the data center provider, stated that it detected suspicious activity on the server on May 29, and the alleged ransomware execution was prevented; however, Reliance Infrastructure later notified the company about the data breach claims.
Neither the Ministry of Atomic Energy nor the Prime Minister's Office publicly commented on the investigation conducted by Reuters. World Leaks, previously targeting Tata Group and Nike, did not respond to requests for comment.
This incident comes amid growing concerns over the cybersecurity of India's critical infrastructure. According to cybersecurity firm Surfshark, 28.9 million compromised accounts were registered in India last year, making the country one of the most affected by data leaks globally. Furthermore, a recent industry survey showed that 73% of surveyed Indian organizations 'do not know if they have been attacked,' and 57% do not adhere to cybersecurity hygiene practices.