Kudankulam Nuclear Plant Data Leak Raises Cybersecurity Concerns; Reliance Confirms Partial Breach
Nearly 19,000 engineering and project-related documents allegedly linked to Kudankulam Nuclear Power Plant surface on the dark web

In a major cybersecurity incident with implications for India’s critical infrastructure, ransomware group World Leaks has claimed responsibility for leaking nearly 19,000 files allegedly linked to the Kudankulam Nuclear Power Plant (KNPP) project on the dark web. The leaked cache reportedly contains engineering blueprints, supplier details, inspection reports, equipment reviews, meeting records and insurance documents related to the country’s largest nuclear power project.
The files are believed to have been stolen from a server belonging to Reliance Infrastructure, one of the contractors executing infrastructure works for Kudankulam’s Units 3 and 4. The server was hosted by third-party data centre operator Yotta Data Services. According to Reuters, the documents span the period between 2016 and mid-2025, although their authenticity has not yet been independently verified.
Reliance Confirms “Partial Breach”
Reliance Group has acknowledged that one of its servers suffered a “partial breach” and said the matter has been reported to the Government of India. However, the company has not disclosed the nature or extent of the compromised data.
Yotta Data Services stated that it detected suspicious activity on a Reliance Infrastructure server on May 29, immediately terminated the activity and prevented the suspected ransomware execution. The company later became aware of claims made by external threat actors alleging a data breach and is cooperating with the ongoing investigation.
Core Reactor Systems Not Believed to Be Affected
While the disclosure of sensitive project documentation has triggered concern, there is no evidence at present that the plant’s operational reactor control systems have been compromised.
According to reports, the leaked documents do not appear to include information relating to the nuclear reactors’ core systems, which are supplied by Russia’s state-owned nuclear corporation Rosatom. However, the documents reportedly contain layouts of ventilation and cooling systems, supplier information, control room plans and project-related engineering documentation for Units 3 and 4, which are currently under construction and scheduled to become operational by 2027.
CERT-In, NPCIL Assessing the Situation
India’s premier cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), along with the Nuclear Power Corporation of India Limited (NPCIL), is assessing the scope of the breach and its potential security implications.
Cybersecurity experts have cautioned that even if reactor control systems remain isolated, the exposure of engineering documents and supplier information could enable hostile actors to map infrastructure, identify supply-chain vulnerabilities and plan future cyber or physical attacks on critical infrastructure.
Second Cybersecurity Incident Linked to Kudankulam
The latest development marks the second significant cybersecurity incident associated with Kudankulam Nuclear Power Plant.
In 2019, malware linked to a North Korean hacker group was detected on the plant’s administrative network. NPCIL had then clarified that the malware did not affect the plant’s operational systems, which remain isolated from external networks.
Growing Threat to Critical Infrastructure
The Kudankulam incident comes close on the heels of another high-profile cyberattack claimed by World Leaks involving Tata Electronics, where confidential documents related to Apple and Tesla products were allegedly leaked after a ransomware attack. The successive incidents have intensified concerns over cybersecurity preparedness among companies associated with India’s strategic and critical infrastructure.
Industry experts believe the incident underscores the urgent need for stronger cybersecurity protocols across contractors and supply-chain partners engaged in strategic national infrastructure projects, particularly in the nuclear, defence, energy and semiconductor sectors.
As investigations continue, authorities are expected to examine the authenticity of the leaked documents, determine the extent of the compromise and assess whether any sensitive national security information has been exposed.



