
A ransomware group has published thousands of files allegedly linked to the Kudankulam Nuclear Power Plant, India’s largest nuclear power facility, in what cybersecurity experts describe as a potentially serious breach, Reuters reported.
The leaked data, posted on the dark web by ransomware group World Leaks, reportedly includes purported blueprints of parts of the plant, supplier details, meeting records, inspection reports, equipment reviews and insurance documents. Reuters said it reviewed the files, dated between 2016 and mid-2025, but could not independently verify their authenticity.

Reuters noted that the leaked files do not appear to involve the nuclear reactors’ core systems, which are supplied by Russia’s state-owned Rosatom.
Reliance confirms ‘partial breach’
Anil Ambani-led Reliance Group, one of the contractors for the Kudankulam project, confirmed that there had been a “partial breach” involving data stored on a server hosted by third-party data centre provider Yotta.
The company said the incident has been reported to the government but did not specify what data had been compromised.

Kudankulam nuclear power project in the southern Indian state of Tamil Nadu. REUTERS
CERT-In examining the incident
According to Reuters, the Nuclear Power Corporation of India (NPCIL) has been in touch with Reliance regarding the breach, while the Indian Computer Emergency Response Team (CERT-In) is investigating the matter.
NPCIL Chairman Rajesh Veeraraghavan, CERT-In and the government’s press office did not respond to Reuters’ requests for comment. The Department of Atomic Energy declined to comment, while the Prime Minister’s Office also did not respond.

A policeman walks on a beach near Kudankulam nuclear power project in the southern Indian state of Tamil Nadu. REUTERS
Yotta detected suspicious server activity
Yotta said it detected suspicious activity on a Reliance Infrastructure server on May 29 and immediately terminated it, preventing the suspected ransomware execution.
However, the company said Reliance Infrastructure informed it at the end of June that external threat actors had claimed a data breach. Yotta said it has not independently verified those claims but has shared its technical findings with Reliance and is supporting the ongoing investigation.

Police patrol on a beach near Kudankulam nuclear power project in the southern Indian state of Tamil Nadu. REUTERS
Experts warn of potential security risks
Nickolas Roth, Senior Director at the Nuclear Threat Initiative, told Reuters the breach could pose a “serious” safety risk if authentic.
He said such information could allow adversaries to map support systems, identify suppliers and locate potential weaknesses in the plant’s security chain.
World Leaks’ previous attacks
Reuters reported that World Leaks is a known ransomware group that has previously targeted companies including Nike and Tata Group.
The group typically publishes stolen corporate data after companies refuse to pay ransom demands. Reuters said World Leaks did not respond to queries regarding the Reliance breach.

Kudankulam linked to previous cyber incident
This is the second known cyber-related incident involving the Kudankulam Nuclear Power Plant.
In 2019, malware linked to a North Korean hacker group was detected on the plant’s administrative network. At the time, NPCIL said the incident had been investigated and that the plant’s operational systems were unaffected.
India among worst-hit countries for data breaches
According to cybersecurity firm Surfshark, cited by Reuters, India ranked third globally in data breaches last year, with 28.9 million accounts compromised, behind only the United States and France.
A separate report by the Data Security Council of India and cybersecurity firm Seqrite found that 73% of surveyed organisations were unaware whether they had ever been attacked, while 57% lacked basic cyber hygiene practices.



