Data Breach Exposes Information on India’s Largest Nuclear Power Plant
A significant data breach has emerged involving India’s largest nuclear power plant, the Kudankulam Nuclear Power Plant, as reported by Reuters. This incident is linked to a ransomware group named World Leaks, which has shared a large number of files online.
The files include what appears to be blueprints and details of suppliers related to the plant. World Leaks claims this information originates from the Reliance Group, a contractor connected to the facility.
In response, the Nuclear Power Corporation of India assured the public that the breach did not compromise any critical nuclear security information. Located in Tamil Nadu, the Kudankulam plant plays a vital role in the government’s plans to bolster India’s nuclear energy capacity.
Anil Ambani’s Reliance Group acknowledged that there was a “partial breach” of information stored on a server managed by a third-party data center, Yotta, and confirmed that the government has been notified. However, the specifics of the breached data have not been disclosed.
Cybersecurity expert Rakesh Krishnan, who first highlighted the leak, mentioned that approximately 19,000 files related to the plant had been publicly available since June 11, totaling about 14.3 gigabytes. Although Reuters examined the documents, which date from 2016 to mid-2025, they could not confirm whether the documents were authentic.
The leaked materials reportedly included blueprints, supplier details, meeting notes, and inspection records, among other things. Notably, these files are among the more sensitive of 858,000 documents associated with Reliance found on the World Leaks website.
Reliance Infrastructure, a subsidiary of the Reliance Group, secured a contract in 2018 to build infrastructure for two new units, Unit 3 and Unit 4 of the plant, which are expected to be operational by next year and provide a combined capacity of 2,000 megawatts.
Experts warn that such breaches could represent a significant threat to nuclear plant safety. Nickolas Roth from the Nuclear Threat Initiative highlighted concerns about the increasing frequency of hacks in India, where many organizations may not be sufficiently prepared to handle these cybersecurity threats.
The Nuclear Power Corporation is currently communicating with Reliance regarding the breach, while India’s primary cybersecurity agency, CERT-In, has begun investigating the situation.
In a statement, the Nuclear Power Corporation noted that the leaked information pertains only to general service facilities and does not involve any matters related to nuclear safety or security.
World Leaks, known for targeting various major companies, including Nike and Tata Group, has not responded to inquiries regarding the Reliance breach. The group typically posts stolen data online when companies refuse to pay the demanded ransom.
