Cyberattack Raises Security Concerns After Nuclear Plant Data Allegedly Leaked in India

A major cybersecurity incident has raised fresh concerns in India after ransomware group World Leaks claimed to have published thousands of files allegedly linked to the Kudankulam Nuclear Power Plant, the country’s largest nuclear facility.

According to Reuters, the hackers uploaded a large cache of documents on the dark web, including what they claimed were engineering blueprints, supplier information, inspection records and other sensitive files connected to the nuclear project. The ransomware group said the data originated from Reliance Group, one of the contractors involved in the plant’s expansion.

Reliance Group, led by businessman Anil Ambani, acknowledged that a “partial breach” had occurred on a server hosted by third-party data centre provider Yotta, adding that Indian authorities had been informed. However, the company did not disclose the nature or extent of the compromised data.

The Kudankulam Nuclear Power Plant, located in Tamil Nadu, plays a key role in Prime Minister Narendra Modi’s plan to significantly expand India’s nuclear energy capacity. Reliance Infrastructure secured a contract in 2018 to develop infrastructure for Units 3 and 4, which are expected to become operational by 2027.

Reuters reviewed the leaked documents but said it could not independently verify their authenticity. The files reportedly include ventilation and cooling system blueprints, supplier lists, equipment inspection reports, insurance documents and layouts of a common control room.

Cybersecurity experts warned that if genuine, the leaked information could expose sensitive operational details that may assist hostile actors in identifying potential vulnerabilities within the facility’s support systems and supply chain.

Nickolas Roth, Senior Director at the Nuclear Threat Initiative, described the alleged breach as a potentially serious security concern, noting that such information could help adversaries better understand access points and infrastructure supporting the nuclear facility.

India’s Computer Emergency Response Team (CERT-In) and the Nuclear Power Corporation of India (NPCIL) are reportedly investigating the incident alongside Reliance Infrastructure. Data centre provider Yotta said it detected suspicious activity on one of Reliance Infrastructure’s servers in late May and immediately blocked an attempted ransomware attack. However, the company later learned that external threat actors had claimed responsibility for a data breach.

World Leaks, a ransomware group previously linked to attacks on major global companies, allegedly demanded ransom payments before publishing the files after negotiations failed.

The reported breach comes as India faces growing cybersecurity challenges. According to cybersecurity firm Surfshark, India recorded nearly 28.9 million compromised accounts last year, making it one of the countries most affected by data breaches worldwide.

The Kudankulam nuclear facility has previously faced cybersecurity concerns. In 2019, malware linked to a North Korean hacking group was detected on the plant’s administrative network, although Indian authorities said operational systems were not impacted.