Sensitive documents allegedly related to the Kudankulam Nuclear Power Plant (KKNPP), India’s largest nuclear power facility, have been posted on the dark web by ransomware group World Leaks. The leaked cache reportedly includes blueprints of certain plant facilities, supplier information, inspection records, and insurance policies connected to the project’s ongoing expansion.
The incident has raised cybersecurity concerns around India’s critical infrastructure and prompted investigations by the country’s cybersecurity authorities.
Reliance Group Confirms Partial Data Breach
Reliance Group, one of the contractors involved in the Kudankulam nuclear project, confirmed that a “partial breach” of its data had occurred on a server hosted by Indian data centre service provider Yotta.
In a statement to Reuters, the company said the Indian government had been informed about the incident but did not disclose the exact nature or extent of the compromised data.
Reliance Infrastructure, a subsidiary of Reliance Group, secured a contract in 2018 to design and build infrastructure for Units 3 and 4 of the Kudankulam Nuclear Power Plant. Both units are currently under construction and are expected to become operational by 2027, adding a combined capacity of 2,000 megawatts.
What Data Was Allegedly Leaked?
Reuters reviewed the leaked files, which are dated between 2016 and mid-2025, but could not independently verify their authenticity.
According to the report, approximately 19,000 files appear to contain sensitive information from a larger collection of nearly 858,000 Reliance-related documents uploaded on World Leaks’ dark web platform.
The allegedly leaked documents include:
- Blueprints for ventilation and cooling systems used in Units 3 and 4.
- Floor layouts of a purported common control room.
- Supplier and vendor details.
- Meeting minutes and joint inspection records.
- Equipment review documents and photographs.
- Insurance policies related to the nuclear power project.
Importantly, the leaked documents do not appear to include information related to the nuclear reactors’ core systems, which are supplied by Russia’s state-owned nuclear energy corporation.
Cybersecurity Experts Warn of Potential Risks
Cybersecurity experts have cautioned that even if the leaked files do not involve reactor systems, they could still pose significant security risks.
Nickolas Roth, Senior Director at the Nuclear Threat Initiative, described the breach as potentially “serious,” noting that such information could help malicious actors map support systems, identify suppliers, and detect vulnerabilities in the project’s broader security framework.
Experts say infrastructure blueprints and supplier access details can provide valuable intelligence that may be exploited in cyber or physical attacks against critical infrastructure.
CERT-In and Nuclear Authorities Investigating the Incident
India’s Computer Emergency Response Team (CERT-In) is reportedly investigating the alleged breach alongside relevant government agencies.
Sources familiar with the matter told Reuters that the Nuclear Power Corporation of India Limited (NPCIL), which operates the country’s nuclear power plants, has been coordinating with Reliance Group regarding the incident.
Officials from NPCIL, CERT-In, and India’s Department of Atomic Energy have not publicly commented on the ongoing investigation.
Yotta Detected Suspicious Activity in May
Yotta, the data centre service provider hosting Reliance Infrastructure’s server, stated that it detected suspicious activity on May 29.
The company said it immediately terminated the activity and successfully prevented suspected ransomware execution. However, in late June, Reliance Infrastructure informed Yotta that external threat actors were claiming responsibility for a data breach.
Yotta added that it has not independently verified the hackers’ claims but has completed a technical investigation and is assisting authorities in the ongoing probe.
Who Is World Leaks?
World Leaks is a ransomware group known for targeting major corporations worldwide. The group typically publishes stolen corporate data on its dark web platform when organisations refuse to pay ransom demands.
The group has previously claimed responsibility for cyberattacks involving multinational companies, including Tata Group and Nike. Earlier this year, World Leaks told Reuters that it had demanded $1.5 million from Tata Group before releasing allegedly stolen confidential files belonging to clients such as Apple and Tesla.
Its website is accessible only through specialised browsers commonly used to access dark web platforms.
Kudankulam Nuclear Plant Previously Faced Cybersecurity Concerns
This is not the first cybersecurity-related incident involving the Kudankulam Nuclear Power Plant.
In 2019, malware linked to a North Korean hacking group was detected on the plant’s administrative network. At the time, NPCIL stated that the incident did not impact any operational or critical plant systems.
The latest alleged breach has once again highlighted the cybersecurity challenges facing India’s critical infrastructure.
Also Read: Mouni Roy Loses Her Cool at Paparazzi Outside Mumbai Restaurant, Repeatedly Says ‘Band Karo’
India’s Growing Cybersecurity Challenge
India continues to face an increasing number of cyberattacks across sectors. According to cybersecurity company Surfshark, India ranked third globally in reported data breaches last year, with approximately 28.9 million accounts compromised.
A joint report by the Data Security Council of India and cybersecurity firm Seqrite found that:
- Around 73% of surveyed organisations were unaware whether they had ever been targeted by cyberattacks.
- Nearly 57% lacked adequate cyber hygiene practices and preparedness measures.
The alleged Kudankulam data breach underscores the growing need for stronger cybersecurity protocols, especially for organisations involved in strategic and critical infrastructure projects.









