Kudankulam Nuclear Plant Data Breached
Ransomware group leaks files, Reliance confirms partial breach, probe underway

A ransomware group called World Leaks has published thousands of files allegedly linked to the Kudankulam Nuclear Power Plant, India's largest nuclear facility. The leaked files, which include blueprints, supplier information, and meeting records, have raised concerns over the security of sensitive infrastructure.
The files were purportedly sourced from the Anil Ambani-led Reliance Group, one of the contractors involved in the Kudankulam project. Reliance has confirmed a partial breach of data stored on a server hosted by Indian data centre service provider Yotta. The company has informed the government about the incident but did not disclose what information had been compromised.
The leaked documents, dated between 2016 and mid-2025, include sensitive information such as inspection reports, insurance documents, and project-related files. However, Reuters was unable to verify the authenticity of the documents. World Leaks uploaded around 19,000 files, which appeared to be the most sensitive among about 858,000 Reliance-related files available on its website.
The ransomware group typically publishes stolen corporate data after companies refuse to pay the demanded ransom. In June, World Leaks demanded $1.5 million from Tata Group for stolen files containing confidential component designs of Apple and Tesla. The group published the data after Tata allegedly ignored its demand.
Reliance Infrastructure secured a contract in 2018 to design and build infrastructure for Unit 3 and Unit 4 of the Kudankulam project. The two units, currently under construction, are expected to become operational by 2027 and will add 2,000 megawatts of power generation capacity.
The Nuclear Power Corporation of India (NPCIL), which operates the country's nuclear power plants, is in contact with Reliance over the breach. The Indian Computer Emergency Response Team (CERT-In) is also investigating the matter. Yotta detected suspicious activity on May 29 on a server belonging to Reliance Infrastructure and immediately stopped it. However, Reliance Infrastructure informed Yotta at the end of June that external threat actors had claimed a data breach.
The incident has raised concerns over the security of sensitive infrastructure in India. Experts warn that such breaches can have serious consequences, including compromising national security and putting sensitive information at risk. The government has not commented on the incident, but an investigation is underway.
The Kudankulam Nuclear Power Plant is a critical infrastructure project in India, and any breach of its security can have significant implications. The plant is expected to play a crucial role in meeting India's growing energy demands. The incident highlights the need for robust cybersecurity measures to protect sensitive infrastructure from such threats.
In conclusion, the data breach at the Kudankulam Nuclear Power Plant is a serious incident that raises concerns over the security of sensitive infrastructure in India. The government and relevant authorities must take immediate action to investigate the breach and prevent such incidents in the future. The incident also highlights the need for companies to have robust cybersecurity measures in place to protect sensitive information from such threats.