NEW DELHI, July 15 Thousands of files linked to India’s largest nuclear power plant have reportedly been exposed in a data breach after ransomware group World Leaks published documents on the dark web, raising fresh concerns over cybersecurity and the protection of critical infrastructure.
The leaked material allegedly includes blueprints of parts of the Kudankulam Nuclear Power Plant, supplier information, meeting records, equipment reviews and insurance documents related to the facility in the southern state of Tamil Nadu.
The Kudankulam Nuclear Power Plant is India’s largest nuclear facility and plays a key role in the country’s plans to expand nuclear power generation.
Reliance Group, one of the project’s contractors, confirmed that there had been a “partial breach” involving data stored on a server hosted by third-party data centre provider Yotta. The company said the incident had been reported to the government but did not disclose the nature or extent of the compromised information.
Reuters reviewed documents dated between 2016 and mid-2025 but said it could not independently verify their authenticity.
According to the report, around 19,000 files relating to the nuclear plant appeared among approximately 858,000 files allegedly stolen from Reliance Group and published by the ransomware group.
Reliance Infrastructure secured a contract in 2018 to design and build infrastructure for Units 3 and 4 of the Kudankulam plant, both of which are under construction and expected to become operational by 2027 with a combined generation capacity of 2,000 megawatts.
World Leaks, a ransomware group previously linked to cyberattacks targeting major international companies, did not respond to requests for comment. The group typically publishes stolen data after organisations refuse to pay ransom demands.
Yotta said it detected suspicious activity on a server used by Reliance Infrastructure on May 29 and immediately terminated the activity, preventing the suspected ransomware from executing. However, it said Reliance later informed the company that external threat actors had claimed responsibility for a data breach.
The data centre provider said it had shared the findings of its technical investigation with Reliance Infrastructure and was supporting the ongoing inquiry.
According to a source familiar with the matter, India’s Computer Emergency Response Team (CERT-In) is investigating the incident in coordination with the Nuclear Power Corporation of India and Reliance Infrastructure.
The chairman of the Nuclear Power Corporation, India’s Department of Atomic Energy and the Prime Minister’s Office did not respond to Reuters’ requests for comment.
Cybersecurity experts warned that even if the leaked documents do not involve the reactors’ core systems, the information could still present security risks.
Nickolas Roth, Senior Director at the Nuclear Threat Initiative, said the leaked files could potentially help adversaries identify support systems, suppliers and vulnerabilities associated with the facility.
The report noted that the leaked documents do not appear to involve reactor core technology supplied by Russia’s state-owned Rosatom. However, they reportedly include layouts of ventilation and cooling systems, control room plans, supplier lists, inspection records and insurance documents.
One document reportedly indicated that Reliance Infrastructure and the Nuclear Power Corporation had obtained insurance coverage worth approximately $112 million against potential terrorist attacks affecting Units 3 and 4.
The incident comes as India continues to face growing cybersecurity challenges. According to cybersecurity company Surfshark, India recorded 28.9 million compromised accounts last year, making it the third-most affected country globally after the United States and France.
A separate industry report found that many organisations in India remain inadequately prepared to deal with cyber threats, with a significant number unaware of previous attacks and lacking basic cybersecurity practices.
The Kudankulam Nuclear Power Plant was previously linked to a cyber incident in 2019, when malware associated with a North Korean hacking group was detected on its administrative network. Authorities at the time said the plant’s operational systems were not affected.





