Thousands of files linked to India’s largest nuclear power plant, Kudankulam, have been exposed in an alleged ransomware-related data breach, raising fresh concerns over the cybersecurity of critical infrastructure. According to a Reuters investigation, the ransomware group World Leaks published nearly 19,000 files (about 14.3 GB) on the dark web, claiming they were stolen from Reliance Infrastructure, a contractor working on Units 3 and 4 of the Kudankulam Nuclear Power Plant in Tamil Nadu.

The leaked documents reportedly include blueprints, supplier information, meeting records, inspection reports, equipment reviews, and insurance documents dating from 2016 to mid-2025. Reuters reviewed the files but said it could not independently verify their authenticity. Importantly, the exposed material does not appear to include the nuclear reactors’ core systems, which are supplied by Russia’s state-owned nuclear company Rosatom.

Thousands of Kudankulam-Related Files Leaked

The incident is being investigated by Indian authorities.

Key HighlightsDetails
FacilityKudankulam Nuclear Power Plant
LocationTamil Nadu, India
Alleged sourceReliance Infrastructure contractor data
Files exposedNearly 19,000
Data sizeAround 14.3 GB
Current statusUnder investigation

The files were reportedly posted online by the ransomware group World Leaks after an alleged breach involving contractor systems.

What the Leaked Files Contain

According to Reuters’ review, the leaked documents reportedly include:

  • Infrastructure blueprints.
  • Ventilation and cooling system layouts.
  • Supplier and vendor information.
  • Equipment inspection records.
  • Meeting and project documentation.
  • Insurance policies.
  • Construction-related documents for Units 3 and 4.

The documents span nearly a decade of project activity and primarily relate to infrastructure supporting the plant’s expansion.

Reactor Systems Not Believed to Be Affected

A key distinction highlighted by investigators is that:

  • No evidence currently indicates the reactor control systems were compromised.
  • The leaked files appear linked to contractor documentation rather than operational reactor systems.
  • Russia’s Rosatom supplies the reactor technology used at Kudankulam.
  • The alleged breach mainly involves engineering and project management documents.

Response From Stakeholders

OrganizationResponse
Reliance InfrastructureConfirmed a partial data breach involving a server hosted by Yotta
YottaSaid suspicious activity was detected and stopped in May but could not independently verify the ransomware group’s claims
NPCILCoordinating with Reliance; investigation ongoing
CERT-InInvestigating the incident

Reliance Infrastructure said the government had been informed but did not specify which files had been compromised.

Why Experts Are Concerned

Cybersecurity experts warn that even if reactor systems remain secure, leaked engineering documents could still create risks.

Potential concerns include:

  • Mapping of support infrastructure.
  • Identification of suppliers and contractors.
  • Exposure of engineering layouts.
  • Better understanding of facility logistics.
  • Possible targeting of the nuclear supply chain.

Experts caution that such information could assist future cyber or physical attacks if combined with other intelligence.

Part of a Larger Cybersecurity Trend

The incident highlights broader cybersecurity challenges affecting critical infrastructure.

Key trends include:

  • Increasing ransomware attacks.
  • Targeting of contractors rather than core operators.
  • Growing threats to industrial infrastructure.
  • Supply-chain cyber risks.
  • Rising attacks on energy and utility sectors.

Kudankulam was previously linked to a cyber incident in 2019, when malware infected an administrative network. Authorities said at the time that operational systems remained isolated and unaffected.

Challenges Ahead

Authorities will need to determine:

  • Whether all leaked files are authentic.
  • The full scope of the contractor data breach.
  • Whether additional systems were affected.
  • If any sensitive information poses operational risks.
  • What further cybersecurity measures are required.

Investigations by CERT-In and other agencies are ongoing.

Outlook

The alleged exposure of thousands of Kudankulam-related documents underscores the growing cybersecurity risks facing critical infrastructure projects, even when core operational systems remain isolated. Increasingly, attackers are targeting contractors and third-party vendors, whose networks may have weaker defenses than the facilities they support. If confirmed, the breach highlights the importance of securing the broader supply chain surrounding strategic infrastructure.

While there is currently no evidence that the plant’s nuclear reactor control systems were compromised, the reported leak of engineering documents, supplier information, and project records could still present security concerns. The findings of the ongoing investigations by CERT-In and the Nuclear Power Corporation of India will be crucial in determining the breach’s full impact and whether additional safeguards are needed.

What It Means for India’s Critical Infrastructure

The incident serves as a reminder that protecting critical infrastructure extends beyond operational technology to include contractors, engineering firms, cloud providers, and project management systems. As infrastructure projects become more digitally connected, cybersecurity across the entire ecosystem becomes increasingly important.

For India, which plans significant expansion of its nuclear power capacity, strengthening cyber resilience throughout the supply chain—including third-party vendors and data hosting partners—will be essential to reducing future risks while safeguarding strategically important projects.

Get the day’s top stories in your inbox

One concise email. No spam, unsubscribe anytime.