Thousands of files linked to India’s largest nuclear power plant, Kudankulam, have been exposed in an alleged ransomware-related data breach, raising fresh concerns over the cybersecurity of critical infrastructure. According to a Reuters investigation, the ransomware group World Leaks published nearly 19,000 files (about 14.3 GB) on the dark web, claiming they were stolen from Reliance Infrastructure, a contractor working on Units 3 and 4 of the Kudankulam Nuclear Power Plant in Tamil Nadu.
The leaked documents reportedly include blueprints, supplier information, meeting records, inspection reports, equipment reviews, and insurance documents dating from 2016 to mid-2025. Reuters reviewed the files but said it could not independently verify their authenticity. Importantly, the exposed material does not appear to include the nuclear reactors’ core systems, which are supplied by Russia’s state-owned nuclear company Rosatom.
Thousands of Kudankulam-Related Files Leaked
The incident is being investigated by Indian authorities.
| Key Highlights | Details |
|---|---|
| Facility | Kudankulam Nuclear Power Plant |
| Location | Tamil Nadu, India |
| Alleged source | Reliance Infrastructure contractor data |
| Files exposed | Nearly 19,000 |
| Data size | Around 14.3 GB |
| Current status | Under investigation |
The files were reportedly posted online by the ransomware group World Leaks after an alleged breach involving contractor systems.
What the Leaked Files Contain
According to Reuters’ review, the leaked documents reportedly include:
- Infrastructure blueprints.
- Ventilation and cooling system layouts.
- Supplier and vendor information.
- Equipment inspection records.
- Meeting and project documentation.
- Insurance policies.
- Construction-related documents for Units 3 and 4.
The documents span nearly a decade of project activity and primarily relate to infrastructure supporting the plant’s expansion.
Reactor Systems Not Believed to Be Affected
A key distinction highlighted by investigators is that:
- No evidence currently indicates the reactor control systems were compromised.
- The leaked files appear linked to contractor documentation rather than operational reactor systems.
- Russia’s Rosatom supplies the reactor technology used at Kudankulam.
- The alleged breach mainly involves engineering and project management documents.
Response From Stakeholders
| Organization | Response |
|---|---|
| Reliance Infrastructure | Confirmed a partial data breach involving a server hosted by Yotta |
| Yotta | Said suspicious activity was detected and stopped in May but could not independently verify the ransomware group’s claims |
| NPCIL | Coordinating with Reliance; investigation ongoing |
| CERT-In | Investigating the incident |
Reliance Infrastructure said the government had been informed but did not specify which files had been compromised.
Why Experts Are Concerned
Cybersecurity experts warn that even if reactor systems remain secure, leaked engineering documents could still create risks.
Potential concerns include:
- Mapping of support infrastructure.
- Identification of suppliers and contractors.
- Exposure of engineering layouts.
- Better understanding of facility logistics.
- Possible targeting of the nuclear supply chain.
Experts caution that such information could assist future cyber or physical attacks if combined with other intelligence.
Part of a Larger Cybersecurity Trend
The incident highlights broader cybersecurity challenges affecting critical infrastructure.
Key trends include:
- Increasing ransomware attacks.
- Targeting of contractors rather than core operators.
- Growing threats to industrial infrastructure.
- Supply-chain cyber risks.
- Rising attacks on energy and utility sectors.
Kudankulam was previously linked to a cyber incident in 2019, when malware infected an administrative network. Authorities said at the time that operational systems remained isolated and unaffected.
Challenges Ahead
Authorities will need to determine:
- Whether all leaked files are authentic.
- The full scope of the contractor data breach.
- Whether additional systems were affected.
- If any sensitive information poses operational risks.
- What further cybersecurity measures are required.
Investigations by CERT-In and other agencies are ongoing.
Outlook
The alleged exposure of thousands of Kudankulam-related documents underscores the growing cybersecurity risks facing critical infrastructure projects, even when core operational systems remain isolated. Increasingly, attackers are targeting contractors and third-party vendors, whose networks may have weaker defenses than the facilities they support. If confirmed, the breach highlights the importance of securing the broader supply chain surrounding strategic infrastructure.
While there is currently no evidence that the plant’s nuclear reactor control systems were compromised, the reported leak of engineering documents, supplier information, and project records could still present security concerns. The findings of the ongoing investigations by CERT-In and the Nuclear Power Corporation of India will be crucial in determining the breach’s full impact and whether additional safeguards are needed.
What It Means for India’s Critical Infrastructure
The incident serves as a reminder that protecting critical infrastructure extends beyond operational technology to include contractors, engineering firms, cloud providers, and project management systems. As infrastructure projects become more digitally connected, cybersecurity across the entire ecosystem becomes increasingly important.
For India, which plans significant expansion of its nuclear power capacity, strengthening cyber resilience throughout the supply chain—including third-party vendors and data hosting partners—will be essential to reducing future risks while safeguarding strategically important projects.
Get the day’s top stories in your inbox
One concise email. No spam, unsubscribe anytime.