India’s Largest Nuclear Plant Linked to Major Data Leak After Ransomware Attack

- Thousands of files linked to Kudankulam Nuclear Power Plant reportedly leaked online.
- Reliance Group confirms a partial data breach involving a third-party server.
- Experts warn the leaked documents could pose security risks if authentic.
- Indian authorities and cybersecurity agencies have launched an investigation.
A major cybersecurity incident has reportedly exposed thousands of files linked to India’s largest nuclear power facility, the Kudankulam Nuclear Power Plant in Tamil Nadu, raising fresh concerns over the security of critical infrastructure.
According to Reuters, ransomware group World Leaks has published a large cache of documents on the dark web that it claims were stolen from India’s Reliance Group, one of the contractors involved in the construction of the nuclear plant. The leaked material allegedly includes facility blueprints, supplier information, meeting records, inspection reports, equipment reviews and insurance documents covering the period from 2016 to mid-2025.
Also Read:
Reuters reviewed the documents but said it could not independently verify their authenticity.
Reliance Group, led by businessman Anil Ambani, acknowledged that a “partial breach” had occurred on a server hosted by third-party data centre provider Yotta. The company said the Indian government had been informed but did not disclose which specific data had been compromised.
The Kudankulam Nuclear Power Plant is India’s largest nuclear facility and plays a key role in Prime Minister Narendra Modi’s plans to significantly expand the country’s nuclear energy capacity. Reliance Infrastructure secured the contract in 2018 to build infrastructure for Units 3 and 4, which remain under construction and are expected to begin operations by 2027, adding a combined 2,000 megawatts of electricity generation capacity.
Among the reportedly leaked files are blueprints for ventilation and cooling systems serving Units 3 and 4, layouts of a common control room, supplier proposals, approved vendor lists, inspection records and photographs of equipment. Another document reportedly outlines an insurance policy worth up to $112 million covering terrorism-related damage to the two reactor units.
Security experts warned that, if genuine, such information could help malicious actors identify suppliers, map support systems and detect potential weaknesses in the plant’s security chain. Nickolas Roth, Senior Director at the Nuclear Threat Initiative, described the incident as potentially posing a “serious” security risk.
World Leaks is a well-known ransomware group that has previously targeted major corporations, including Tata Group and Nike. The group typically publishes stolen data after victims refuse to pay ransom demands. Earlier this year, it claimed to have demanded $1.5 million from Tata Group before releasing confidential files allegedly linked to Apple and Tesla projects.
Yotta stated that it detected suspicious activity on a Reliance Infrastructure server on May 29 and immediately halted the suspected ransomware attempt. However, it said Reliance later informed the company that external threat actors were claiming to possess stolen data. Yotta added that it has been unable to independently verify those claims but has shared its technical findings with Reliance and is assisting the ongoing investigation.
India’s Nuclear Power Corporation has reportedly been coordinating with Reliance over the incident, while the Indian Computer Emergency Response Team (CERT-In) is investigating the breach. Officials from the Nuclear Power Corporation, the Department of Atomic Energy and Prime Minister Modi’s office have not publicly commented on the matter.
The leaked documents do not appear to involve the nuclear reactors’ core systems, which are supplied by Russia’s state-owned Rosatom.
The incident comes as India continues to face growing cybersecurity challenges. According to cybersecurity firm Surfshark, India recorded nearly 28.9 million compromised accounts last year, making it the world’s third-most affected country for data breaches after the United States and France.
A separate cybersecurity survey conducted by the Data Security Council of India and Seqrite found that nearly 73% of surveyed organisations were unaware whether they had ever experienced a cyberattack, while 57% lacked basic cyber hygiene practices.
This is also the second cyber-related incident involving the Kudankulam Nuclear Power Plant. In 2019, malware linked to a North Korean hacking group was detected on the plant’s administrative network, although authorities at the time said the operational systems remained unaffected.
Read all the Breaking News Live on pakistantimes.com and Get Latest English News & Updates from Pakistan Times. Follow us on Whatsapp channel for more.




