Leaked Kudankulam plant data not linked to nuke systems: Nuclear power operator
India's nuclear power operator rejected reports of a sensitive data breach at the Kudankulam Nuclear Power Project, saying the leaked files relate only to conventional Balance of Plant facilities and not to any nuclear safety or security systems.
by Shipra Parashar · India TodayIn Short
- World Leaks allegedly published over 19,000 project files on the dark web
- Documents include drawings related to control, cooling, ventilation systems
- Reliance Infrastructure confirms partial breach, says no impact on operations
The Nuclear Power Corporation of India Limited (NPCIL) on Wednesday denied reports of a "sensitive data breach" at the Kudankulam Nuclear Power Project, asserting that no sensitive nuclear information or critical systems had been compromised after a ransomware group claimed to have leaked thousands of project-related files on the dark web.
The clarification came after Reuters reported that the ransomware group World Leaks had published more than 19,000 files linked to the Tamil Nadu-based nuclear plant, including engineering blueprints, vendor lists, inspection records and operational documents allegedly sourced from a server belonging to project contractor Reliance Infrastructure.
Rejecting reports of a breach involving nuclear infrastructure, NPCIL said the information in question related only to the Balance of Plant (BoP) package, common service facilities of a conventional nature that are not part of the plant's nuclear safety or nuclear security systems.
"The information reportedly available in the public domain pertains only to conventional balance of plant common service facilities," NPCIL said in a statement issued by Executive Director (Corporate Communications) Prateek Agarwal.
The state-run nuclear operator said the engineering, procurement and construction contract for the BoP package had been awarded to Reliance Infrastructure through a public tender.
NPCIL added that the scope covered conventional facilities typically found in thermal power plants and other process industries, and did not involve reactor safety or security systems. It also clarified that it had shared only indicative drawings and technical specifications during the bidding process.
Based on these, Reliance Infrastructure prepared detailed engineering drawings in consultation with original equipment manufacturers, which were subsequently reviewed and approved by NPCIL.
The reported leak is believed to have originated from a server hosted by third-party cloud provider Yotta and used by Reliance Infrastructure.
According to Reuters, the cache includes documents dating from 2016 to mid-2025, such as engineering drawings related to control, cooling and ventilation systems, vendor and supplier information, joint inspection records involving Indian and Russian engineers, meeting minutes and insurance documents.
Reliance Group acknowledged that a "partial breach" had occurred but maintained that there was no impact on critical infrastructure or core operational systems. The company did not disclose the exact nature of the compromised data.
Kudankulam, with a planned capacity of 6,000 MW, is India's largest nuclear power plant.
Reliance Infrastructure was awarded the contract in 2018 to build infrastructure for Units 3 and 4 of the Kudankulam Nuclear Power Project, which is being jointly developed by NPCIL and Russia's Rosatom. While Units 1 and 2 are operational, Units 3, 4, 5 and 6 are at various stages of construction and commissioning.
- Ends