Exclusive-Files relating to India’s largest nuclear power plant Kudankulam exposed in data breach
· CNA · JoinRead a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST
BENGALURU, July 15 : Ransomware group World Leaks has posted on the dark web a huge cache of files related to India's largest nuclear plant, including purported blueprints of parts of its facilities and supplier details — information it labelled as coming from Reliance Group.
The Kudankulam Nuclear Power Plant, located in the southern state of Tamil Nadu, is the largest of India's seven nuclear plants and central to Prime Minister Narendra Modi's ambitious plans to expand the country's atomic energy capacity.
Indian businessman Anil Ambani's Reliance Group, one of the plant's contractors, told Reuters in a statement that there had been a "partial breach" of its data on a server hosted by third-party Indian data centre service provider Yotta, and that the government has been informed about the incident.
Reliance did not disclose what data had been breached.
CNA Games
Guess Word
Crack the word, one row at a time
Buzzword
Create words using the given letters
Mini Sudoku
Tiny puzzle, mighty brain teaser
Mini Crossword
Small grid, big challenge
Word Search
Spot as many words as you can
Show More
Show Less
The data breach could pose a "serious" risk to the safety of the plant, says Nickolas Roth, a senior director at the Nuclear Threat Initiative, which advises governments and benchmarks countries' preparedness on nuclear security. The breach also underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats.
Reuters reviewed the documents, which were dated from 2016 to mid-2025, but could not verify their authenticity. In addition to some blueprints and supplier details, they purportedly show meeting and inspection records, equipment reviews and insurance policies.
The 19,000 files appeared to be the most sensitive of a total 858,000 Reliance files on the World Leaks website.
One of the conglomerate's subsidiaries, Reliance Infrastructure, won a contract in 2018 to design and build infrastructure for the plant's Unit 3 and Unit 4. Both units, still under construction, are due to be operational by 2027 and are slated to provide a combined 2,000 megawatts of capacity.
World Leaks, a well-known ransomware group that has previously targeted Nike and India's Tata Group, did not respond to Reuters queries on the Reliance data breach. The group typically posts stolen corporate data on its website after companies decline to pay the ransom demanded. Its website can only be accessed with a specialised browser.
In June, World Leaks told Reuters it had sought $1.5 million in ransom for Tata Group files that contained confidential component designs of clients Apple and Tesla, adding that it posted the data after Tata "ignored" its demand.
SUSPICIOUS ACTIVITY ON SERVER IN MAY
The Nuclear Power Corporation of India, which commissions and operates the country's nuclear power plants, has been communicating with Reliance about the breach and India's main cybersecurity agency — the Indian Computer Emergency Response Team (CERT-In) — is looking into the incident, according to a source familiar with the matter. The source declined to be identified due to the sensitivity of the issue.
Nuclear Power Corporation Chairman Rajesh Veeraraghavan, CERT-In and the government's main press office did not respond to repeated requests for comment.
Yotta said in a statement it had noted suspicious activity on May 29 on a server it hosts that belongs to Reliance Infrastructure. It said the activity was immediately terminated and that the suspected ransomware execution was prevented, but Reliance Infrastructure informed it at the end of June that there had been claims of a data breach made by "external threat actors."
Yotta said it has not been able to verify the claims of the "threat actor", but added that it has shared its detailed technical investigation with Reliance Infrastructure and supports an ongoing investigation.
India's Department of Atomic Energy declined to comment, while Modi's office did not respond to Reuters queries.
BLUEPRINTS AND INSURANCE POLICIES
The documents posted on World Leaks do not appear to relate to the nuclear reactors' core systems, which are supplied by Russia's state-owned Rosatom.
They did contain purported blueprints for the ventilation and cooling systems used in Unit 3 and Unit 4, as well as what appeared to be the complete floor layout of a "common control room".
The files also included what appeared to be vendor proposals, a list of approved suppliers, and a record of a 2024 meeting about a joint inspection by the Nuclear Power Corporation and Reliance, with photos of equipment.
Another document purports to show that Reliance Infrastructure and the Nuclear Power Corporation had taken out an insurance policy that would entitle them to $112 million if either Unit 3 or Unit 4 were to suffer an act of terrorism.
The files, in the hands of bad actors, could in theory be exploited to map the plant's support systems, identify its suppliers and pinpoint weaknesses in its security chain, according to researchers.
They could "show an adversary not just who has access to the project but which systems that access reaches," said Nuclear Threat Initiative's Roth.
India ranks third among a list of countries suffering the most data breaches, with 28.9 million accounts compromised last year, lagging only the United States and France, according to cybersecurity company Surfshark.
A report last year by the Data Security Council of India and cybersecurity firm Seqrite said that of 204 organisations surveyed across India, some 73 per cent were "unaware if they have ever been attacked" while 57 per cent lack cyber hygiene practices.
It is also the second time that the Kudankulam plant has been linked to a cyber incident, with malware tied to a North Korean hacker group found on the plant's administrative network in 2019. At the time, the Nuclear Power Corporation said the matter was investigated immediately and plant systems were not affected.
Newsletter
Week in Review
Subscribe to our Chief Editor’s Week in Review
Our chief editor shares analysis and picks of the week's biggest news every Saturday.
Sign up for our newsletters
Get our pick of top stories and thought-provoking articles in your inbox
Get the CNA app
Stay updated with notifications for breaking news and our best stories
Get WhatsApp alerts
Join our channel for the top reads for the day on your preferred chat app