Kudankulam nuclear plant data breach triggers ‘absolute commotion’ among project’s top brass: sources
Highly sensitive files of Kudankulam Nuclear Power Project (KKNPP) reportedly accessed by a ransomware group from a contractor’s server has triggered “absolute commotion”, sources in
Highly sensitive files of Kudankulam Nuclear Power Project (KKNPP) reportedly accessed by a ransomware group from a contractor’s server has triggered “absolute commotion”, sources in the KKNP said on Wednesday (July 15, 2026). After commissioning two 1,000 Mwe VVER reactors, the KKNPP is constructing four more similar units with Russian technical know-how at Kudankulam, which is all set to house India’s biggest nuclear park with reactors generating 6,000 MW nuclear power. According to a Reuters report, over 19,000 highly sensitive files dating between 2016 and mid-2025 and linked to KKNPP’s engineering blueprints on control, cooling and ventilation systems, list of vendors and suppliers supplying equipments, operational files on meeting records, reviews of joint inspection by the Indian and Russian engineers, insurance policies etc.
had been accessed by well-known ransomware group, World Leaks. The leak reportedly originated from a server hosted by third party provider, Yotta, belonging to the plant’s contractor Anil Ambani’s Reliance Group, which has admitted that “partial breach” had indeed happened while refusing to detail the nature of the data accessed by the dark web. Reliance Group’s Reliance Infrastructure bagged the contract in 2018 to build infrastructure for rectors 3 and 4, both under construction. Sources in the KKNPP admitted “absolute commotion” was going on among the top brass of the upcoming nuclear park, “who were completely clueless” about this adverse development which poses serious security threat by allowing the enemies to map the support system and identify the vulnerabilities.
“Suspicious activity on Yotta’s server was noted on May 29 last and it was reported in June-end. Investigations by Nuclear Power Corporation of India Limited (NPCIL), the project proponent, and Computer Emergency Response Team are on,” the sources said. When the KKNPP encountered similar incident in 2019, wherein a North Korean malware infection on its administrative network exposed KKNPP’s vulnerability, the NPCIL just dismissed it saying that their “unbreachable standalone network” was intact and no data could be accessed by any dark web. Neither KKNPP’s Site Director Ashok Bhatiya, nor V.P. Sunil, Station Director (1 and 2), could be reached for their comments on this sensitive issue.
Also read | Russia ships fuel for Kudankulam’s third reactor The Senior Manager of Human Resources and Public Relations Kannan, who would usually be in touch with the media for occasional press statements, also did not pick up repeated calls. Multiple NPCIL sources have confirmed the leak of data. However, a senior official said: “The files leaked are not related to KKNPP plant safety or nuclear safety. They are ordinary files which are common to any thermal power plant”.