Files relating to India’s largest nuclear power plant Kudankulam exposed in data breach
Ransomware group World Leaks has posted on the dark web a huge cache of files related to India's largest nuclear plant, including purported blueprints of
Ransomware group World Leaks has posted on the dark web a huge cache of files related to India's largest nuclear plant, including purported blueprints of parts of its facilities and supplier details — information it labelled as coming from Reliance Group. The Kudankulam Nuclear Power Plant, located in the southern state of Tamil Nadu, is the largest of India's seven nuclear plants and central to Prime Minister Narendra Modi's ambitious plans to expand the country's atomic energy capacity. Indian businessman Anil Ambani's Reliance Group, one of the plant's contractors, told Reuters in a statement that there had been a "partial breach" of its data on a server hosted by third-party Indian data centre service provider Yotta, and that the government has been informed about the incident. Reliance did not disclose what data had been breached. The data breach could pose a "serious" risk to the safety of the plant, says Nickolas Roth, a senior director at the Nuclear Threat Initiative, which advises governments and benchmarks countries' preparedness on nuclear security. The breach also underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats. Nearly 19,000 files totalling 14.3 gigabytes that appear for the search term "KKNP" - an acronym for the nuclear plant - in the data have been online since June 11, according to independent cybersecurity researcher Rakesh Krishnan, who first alerted Reuters to the leak.
Reuters reviewed the documents, which were dated from 2016 to mid-2025, but could not verify their authenticity. In addition to some blueprints and supplier details, they purportedly show meeting and inspection records, equipment reviews and insurance policies. The 19,000 files appeared to be the most sensitive of a total 858,000 Reliance files on the World Leaks website. One of the conglomerate's subsidiaries, Reliance Infrastructure, won a contract in 2018 to design and build infrastructure for the plant's Unit 3 and Unit 4. Both units, still under construction, are due to be operational by 2027 and are slated to provide a combined 2,000 megawatts of capacity. World Leaks, a well-known ransomware group that has previously targeted Nike and India's Tata Group, did not respond to Reuters queries on the Reliance data breach. The group typically posts stolen corporate data on its website after companies decline to pay the ransom demanded. Its website can only be accessed with a specialised browser. In June, World Leaks told Reuters it had sought $1.5 million in ransom for Tata Group files that contained confidential component designs of clients Apple and Tesla, adding that it posted the data after Tata "ignored" its demand. Suspicious Activity on Server in May The Nuclear Power Corporation of India, which commissions and operates the country's nuclear power plants, has been communicating with Reliance about the breach and India's main cybersecurity agency — the Indian Computer Emergency Response Team (CERT-In) — is looking into the incident, according to a source familiar with the matter.
