Highlights
- Reliance Group confirms a partial data breach involving a third-party server.
- Nearly 19,000 files linked to the Kudankulam project appeared on the dark web.
- Experts warn the documents could help attackers understand the plant's support infrastructure.
THOUSANDS of documents linked to India's largest nuclear power plant have been published on the dark web following a cyber breach affecting one of the project's contractors, raising concerns over the security of sensitive infrastructure information.
The files, claimed by the ransomware group World Leaks, relate to the Kudankulam Nuclear Power Plant in Tamil Nadu, a key part of India's plans to expand nuclear energy generation.
Reliance Group, led by businessman Anil Ambani and one of the project's contractors, confirmed that a "partial breach" had affected data stored on a server hosted by Indian data centre provider Yotta. The company said the incident had been reported to the government but did not disclose what information had been compromised.
Independent cybersecurity researcher Rakesh Krishnan said almost 19,000 files, amounting to 14.3GB of data, have been available online since June 11. Reuters reviewed the documents but said it could not independently verify their authenticity.
The files, dated between 2016 and mid-2025, appear to include blueprints for parts of the facility, supplier information, inspection records, meeting minutes, equipment reviews and insurance documents. They represent what appears to be the most sensitive portion of about 858,000 Reliance files published by the ransomware group.
Reliance Infrastructure secured the contract in 2018 to design and build infrastructure for Units 3 and 4 of the Kudankulam plant. Both reactors remain under construction and are expected to begin operations in 2027, adding a combined 2,000 megawatts of electricity generation capacity.
World Leaks has previously claimed responsibility for cyberattacks targeting major companies, including Tata Group and Nike. The group typically publishes stolen data after organisations refuse to pay ransom demands. It did not respond to Reuters' requests for comment.
'Information related only to common service facilities'
The Nuclear Power Corporation of India (NPCIL), which operates the country's nuclear power stations, said after publication of the Reuters report that the information available online related only to common service facilities and did not concern nuclear safety or nuclear security systems.
A source familiar with the matter said NPCIL has been in contact with Reliance over the breach and that the Indian Computer Emergency Response Team (CERT-In) is investigating the incident. India's Department of Atomic Energy declined to comment, while CERT-In and the Prime Minister's Office did not respond to Reuters.
Yotta said it detected suspicious activity on a Reliance Infrastructure server on May 29 and immediately stopped the suspected ransomware attempt. It added that Reliance informed it at the end of June that external threat actors had claimed a data breach. Yotta said it has been unable to verify those claims but has shared the findings of its technical investigation with Reliance and is supporting the ongoing inquiry.
Although the leaked documents do not appear to involve the nuclear reactors' core systems, which are supplied by Russia's state-owned Rosatom, they reportedly include ventilation and cooling system drawings for Units 3 and 4, the layout of a common control room, supplier proposals, approved vendor lists, inspection records and photographs of equipment.
One document also appears to show an insurance policy worth $112 million covering Units 3 and 4 against acts of terrorism.
Cybersecurity experts said such information could still be valuable to attackers by revealing details about support infrastructure, contractors and supply chains.
Nickolas Roth, senior director at the Nuclear Threat Initiative, said the documents could help adversaries identify who has access to the project and which systems they can reach.
The incident follows a malware attack linked to a North Korean hacking group on Kudankulam's administrative network in 2019. NPCIL said at the time that the plant's operational systems had not been affected.
(with inputs from Reuters)






