

Ransomware group World Leaks has posted on the dark web a huge cache of files related to India's largest nuclear plant, including purported blueprints of parts of its facilities and supplier details — information it labelled as coming from Reliance Group.
Situated in the southern Indian state of Tamil Nadu, the Kudankulam Nuclear Power Plant is the largest among the country’s seven nuclear facilities and plays a pivotal role in Prime Minister Narendra Modi’s ambitious agenda to boost India’s atomic energy capacity.
Indian businessman Anil Ambani’s Reliance Group, one of the plant’s contractors, said in a statement to Reuters that there was a “partial breach” of its data on a server operated by the Indian third-party data centre provider Yotta, and that the incident has been reported to the government.
Reliance did not specify which data was compromised.
The data breach may present a "significant" threat to the plant’s safety, according to Nickolas Roth, a senior director at the Nuclear Threat Initiative, an organization that counsels governments and evaluates nations’ readiness on nuclear security.
The incident also highlights the growing frequency of cyberattacks in India, where numerous companies lack adequate defenses against such risks.
According to independent cybersecurity researcher Rakesh Krishnan, who initially informed Reuters of the breach, nearly 19,000 files totaling 14.3 gigabytes that show up under the search term "KKNP"—the acronym for the nuclear plant—have been accessible online since June 11.
Reuters examined the documents, dated from 2016 through mid-2025, but was unable to confirm their authenticity. Along with certain blueprints and supplier information, they reportedly include records of meetings and inspections, equipment assessments, and insurance contracts.
The 19,000 files appeared to be the most sensitive among a total of 858,000 Reliance documents posted on the World Leaks website.
In 2018, Reliance Infrastructure (RLIN.NS), a subsidiary of the conglomerate, secured a contract to design and construct infrastructure for Unit 3 and Unit 4 of the plant.
The two units, which remain under construction, are expected to begin operations by 2027 and together will supply 2,000 megawatts of capacity.
World Leaks, a prominent ransomware organisation that has earlier attacked Nike and India's Tata Group.
In June, World Leaks informed Reuters that it had demanded a $1.5 million ransom for Tata Group files containing confidential component designs belonging to clients Apple (AAPL.O) and Tesla (TSLA.O), and said it published the data after Tata allegedly disregarded its request.
The Nuclear Power Corporation of India, which oversees the commissioning and operation of the country’s nuclear power plants, has been in communication with Reliance about the breach, while the Indian Computer Emergency Response Team (CERT-In), the nation’s main cybersecurity agency, is examining the incident, according to a source familiar with the matter.
The source sought anonymity because of the sensitivity of the issue.
In a statement issued after this article was published, the Nuclear Power Corporation clarified that the information reportedly available in the public domain concerns only common service facilities and is not connected to any systems related to nuclear safety or nuclear security.
Yotta said in a statement that it detected suspicious activity on May 29 on a hosted server owned by Reliance Infrastructure. The company said the activity was promptly stopped and the attempted ransomware deployment was blocked.
However, at the end of June, Reliance Infrastructure informed Yotta that "external threat actors" were claiming to have carried out a data breach.
Yotta said it has not been able to verify the claims of the "threat actor", but added that it has shared its detailed technical investigation with Reliance Infrastructure and supports an ongoing investigation.
According to cybersecurity firm Surfshark, India is the third most affected country in terms of data breaches, with 28.9 million accounts compromised last year, trailing only the United States and France.
A report released last year by the Data Security Council of India and cybersecurity firm Seqrite found that among 204 organisations surveyed nationwide, about 73% did not know whether they had ever been targeted by cyberattacks, and 57% did not follow basic cyber hygiene practices.
This marks the second instance in which the Kudankulam plant has been associated with a cyber incident, following the discovery in 2019 of malware connected to a North Korean hacking group on its administrative network. At that time, the Nuclear Power Corporation stated that the issue was promptly investigated and that the plant’s systems remained unaffected.