Kudankulam
x

Data breach at Kudankulam plant rings alarm bells on cybersecurity of critical infra

Around 19,000 sensitive files on Kudankulam project linked to Reliance Group leaked; cache includes blueprints, supplier details, inspection records and insurance documents


Kudankulam Nuclear Power Plant in Tamil Nadu, India's largest nuclear power station, is at the centre of a major cybersecurity scare after ransomware group World Leaks published thousands of files it claims are linked to one of the plant's contractors, Reliance Group. The leaked cache reportedly includes blueprints, supplier details, inspection records and insurance documents relating to the plant's under-construction Units 3 and 4. Reuters reviewed the files but said it could not independently verify their authenticity.

The documents are dated between 2016 and mid-2025 and form part of a much larger cache of more than 858,000 files allegedly stolen from Reliance Group. Nearly 19,000 of those files reportedly relate to the Kudankulam project, making them the most sensitive portion of the leak.

Also read: India's nuclear renaissance needs a new social contract

Reliance Group confirmed to Reuters that there had been a "partial breach" involving data stored on a server hosted by third-party data centre provider Yotta. The company said it has informed the government but did not specify exactly what information had been compromised.

Timeline

According to Yotta, suspicious activity was first detected on May 29, and the suspected ransomware attempt was immediately stopped. However, by the end of June, Reliance Infrastructure informed the company that external threat actors were claiming they had successfully breached its systems.

Yotta said it has not independently verified those claims but has shared its technical findings with Reliance Infrastructure and is assisting with the ongoing investigation.

The incident has also drawn attention because several key government agencies have remained silent. According to Reuters, Nuclear Power Corporation of India Limited (NPCIL) chairman Rajesh Veeraraghavan, the Indian Computer Emergency Response Team (CERT-In), the Department of Atomic Energy and the Prime Minister's Office did not respond to requests for comment.

What's leaked?

The leaked files reportedly include blueprints for ventilation and cooling systems, supplier lists, equipment inspection reports, vendor proposals, insurance documents and what appears to be the floor layout of a common control room for Units 3 and 4.

Importantly, Reuters reported that the documents do not appear to include information related to the reactors' core systems, which are supplied by Russia's state-owned Rosatom. Units 3 and 4 remain under construction and are expected to become operational by 2027.

Despite that, cybersecurity experts warn that even infrastructure-related information can pose security risks.

Also read: 1,000 MW N-plant in Kudankulam marching towards commissioning in 2027

"The data breach could pose a serious risk to the safety of the plant," said Nickolas Roth, Senior Director at the Nuclear Threat Initiative.

He added that the exposed files could reveal "not just who has access to the project but which systems that access reaches."

Previous attack

This is not the first cyber incident involving Kudankulam. In 2019, malware linked to a North Korean hacking group was detected on the plant's administrative network. At the time, NPCIL maintained that the operational systems remained unaffected.

World Leaks has also targeted other major Indian companies. According to the transcript, the ransomware group breached Tata Group in June and demanded $1.5 million after allegedly stealing Apple and Tesla component designs.

Also read: Why ‘coming alive’ of its first commercial prototype fast breeder reactor is a nuclear milestone for

The latest incident comes amid growing concerns over India's cybersecurity preparedness. Industry surveys cited in the report suggest many organisations remain unaware that they have even suffered cyberattacks, while cybersecurity hygiene remains weak across several sectors. Reuters also noted that India ranked third globally in data breaches last year, behind only the United States and France, with nearly 29 million accounts compromised.

Probe underway

According to a Business Today report, NPCIL is in discussions with Reliance Group to assess the seriousness of the breach. CERT-In is also investigating the reported cyber incident involving India's largest nuclear power plant.

While there is currently no evidence that the plant's core reactor systems were compromised, the alleged exposure of infrastructure-related documents has raised fresh concerns about the cybersecurity of India's critical infrastructure and the preparedness of organisations handling sensitive national projects.

Next Story