Data Breach Exposes Sensitive Files from India’s Largest Nuclear Plant Kudankulam

Ransomware cache tied to Reliance contractor raises fresh alarms over nuclear safety and India’s weak cyber defences
Data Breach Exposes Sensitive Files from India’s Largest Nuclear Plant Kudankulam
Data Breach Exposes Sensitive Files from India’s Largest Nuclear Plant KudankulamThe Bridge Chronicle
Published on

Ransomware group World Leaks has posted on the dark web a huge cache of files related to India's largest nuclear plant, including purported blueprints of parts of its ​facilities and supplier details — information it labelled as coming from Reliance Group.

Situated in the southern Indian state of Tamil Nadu, the Kudankulam Nuclear Power Plant is the largest among the country’s seven nuclear facilities and plays a pivotal role in Prime Minister Narendra Modi’s ambitious agenda to boost India’s atomic energy capacity.

Data Breach Exposes Sensitive Files from India’s Largest Nuclear Plant Kudankulam
Tata Electronics Breach Reportedly Exposes Apple Supplier Data and Alleged iPhone 18 Pro Images

Indian businessman Anil Ambani’s Reliance Group, one of the plant’s contractors, said in a statement to Reuters that there was a “partial breach” of its data on a server operated by the Indian third-party data centre provider Yotta, and that the incident has been reported to the government.

Reliance did not specify which data was compromised.

The data breach may present a "significant" threat to the plant’s safety, according to Nickolas Roth, a senior director at the Nuclear Threat Initiative, an organization that counsels governments and evaluates nations’ readiness on nuclear security.

The incident also highlights the growing frequency of cyberattacks in India, where numerous companies lack adequate defenses against such risks.

Data Breach Exposes Sensitive Files from India’s Largest Nuclear Plant Kudankulam
India Issues High-Risk Alert for Chrome Users Following Discovery of Multiple Vulnerabilities

According to independent cybersecurity researcher Rakesh Krishnan, who initially informed Reuters of the breach, nearly 19,000 files totaling 14.3 gigabytes that show up under the search term "KKNP"—the acronym for the nuclear plant—have been accessible online since June 11.

Reuters examined the documents, dated from 2016 through mid-2025, but was unable to confirm their authenticity. Along with certain blueprints and supplier information, they reportedly include records of meetings and inspections, equipment assessments, and insurance contracts.

The 19,000 files appeared to be the most sensitive among a total of 858,000 Reliance documents posted on the World Leaks website.

Data Breach Exposes Sensitive Files from India’s Largest Nuclear Plant Kudankulam
Indian Government Warns Zoom Users of High-Risk Hacking Threats

In 2018, Reliance Infrastructure (RLIN.NS), a subsidiary of the conglomerate, secured a contract to design and construct infrastructure for Unit 3 and Unit 4 of the plant.

The two units, which remain under construction, are expected to begin operations by 2027 and together will supply 2,000 megawatts of capacity.

World Leaks, a prominent ransomware organisation that has earlier attacked Nike and India's Tata Group.

In June, World Leaks informed Reuters that it had demanded a $1.5 million ransom for Tata Group files containing confidential component designs belonging to clients Apple (AAPL.O) and Tesla (TSLA.O), and said it published the data after Tata allegedly disregarded its request.

SUSPICIOUS ACTIVITY ON SERVER IN MAY

The Nuclear Power Corporation of India, which oversees the commissioning and operation of the country’s nuclear power plants, has been in communication with Reliance about the breach, while the Indian Computer Emergency Response Team (CERT-In), the nation’s main cybersecurity agency, is examining the incident, according to a source familiar with the matter.

The source sought anonymity because of the sensitivity of the issue.

In a statement issued after this article was published, the Nuclear Power Corporation clarified that the information reportedly available in the public domain concerns only common service facilities and is not connected to any systems related to nuclear safety or nuclear security.

Yotta said in a statement that it detected suspicious activity on May 29 on a hosted server owned by Reliance Infrastructure. The company said the activity was promptly stopped and the attempted ransomware deployment was blocked.

However, at the end of June, Reliance Infrastructure informed Yotta that "external threat actors" were claiming to have carried out a data breach.

Yotta said it has not been able to verify the claims of the "threat actor", but added that it has shared its detailed technical investigation with Reliance ​Infrastructure and supports an ongoing investigation.

India and Data Breach

According to cybersecurity firm Surfshark, India is the third most affected country in terms of data breaches, with 28.9 million accounts compromised last year, trailing only the United States and France.

A report released last year by the Data Security Council of India and cybersecurity firm Seqrite found that among 204 organisations surveyed nationwide, about 73% did not know whether they had ever been targeted by cyberattacks, and 57% did not follow basic cyber hygiene practices.

This marks the second instance in which the Kudankulam plant has been associated with a cyber incident, following the discovery in 2019 of malware connected to a North Korean hacking group on its administrative network. At that time, the Nuclear Power Corporation stated that the issue was promptly investigated and that the plant’s systems remained unaffected.

Help Us Create the Content You Love

Take Survey Now!

Enjoyed reading The Bridge Chronicle?
Your support motivates us to do better. Follow us on Facebook, Instagram, Twitter and Whatsapp to stay updated with the latest stories.
You can also read on the go with our Android and iOS mobile app.

logo
The Bridge Chronicle
www.thebridgechronicle.com