India’s Largest Nuclear Power Plant Affected by a Data Breach
A massive cache of materials pertaining to India’s largest nuclear facility, including alleged designs of some of its buildings and supplier credentials, has been uploaded to the dark web by the ransomware group World Leaks. The group claimed that the information came from Reliance Group.
Tamil Nadu, India: The largest of India’s seven nuclear facilities, the Kudankulam Nuclear Power Plant is situated in the southern state of Tamil Nadu and is essential to Prime Minister Narendra Modi’s ambitious aspirations to increase the nation’s capacity for atomic energy.
One of the plant’s contractors, Reliance Group, owned by Indian industrialist Anil Ambani, told Reuters in a statement that the government had been notified of a “partial breach” of its data on a server run by Yotta, a third-party Indian data center service provider.
Reliance did not reveal the specific data that had been compromised.
According to Nickolas Roth, a senior director at the Nuclear Threat Initiative, which counsels governments and evaluates nations’ nuclear security readiness, the data leak could present a “serious” risk to the plant’s safety. The breach also highlights how hacking have increased in frequency in India, where many businesses are ill-prepared to handle such risks.
After reviewing the documents, which ranged in date from 2016 to mid-2025, Reuters was unable to confirm their veracity. They allegedly display meeting and inspection records, equipment reviews, insurance policies, and certain drawings and supplier information.
Out of the 858,000 Reliance files on the World Leaks website, the 19,000 files seemed to be the most critical.
In 2018, Reliance Infrastructure, one of the company’s subsidiaries, was awarded a contract to design and construct the infrastructure for Units 3 and 4 of the plant. The two plants, which are still under construction, are expected to have a combined capacity of 2,000 megawatts and be operational by 2027.
Reuters’ inquiries over the Reliance data theft were not answered by World Leaks, a well-known ransomware outfit that has previously targeted Nike and India’s Tata outfit. When businesses refuse to pay the proposed ransom, the organization usually posts stolen corporate data on its website. A dedicated browser is required to view its website.
World Leaks told Reuters in June that it had demanded $1.5 million in ransom for Tata Group files that included proprietary component designs for customers Apple and Tesla. It further stated that it had posted the information after Tata “ignored” its request.

Suspicious Activity on Server in May
According to a source familiar with the situation, Reliance has been informed about the breach by the Nuclear Power Corporation of India, which commissions and runs the nation’s nuclear power plants. The Indian Computer Emergency Response Team (CERT-In), India’s primary cybersecurity agency, is investigating the incident. Because of the delicate nature of the matter, the source declined to be named.
Repeated demands for response were not answered by CERT-In, the government’s primary press office, or Rajesh Veeraraghavan, chairman of the Nuclear Power Corporation.
In a statement, Yotta revealed that on May 29, it discovered unusual behavior on a server it maintains that is owned by Reliance Infrastructure. It claimed that the activity was stopped right away and that the suspected ransomware execution was stopped, but at the end of June, Reliance Infrastructure notified it that “external threat actors” had reported a data breach.
Yotta stated that it has shared its thorough technical analysis with Reliance Infrastructure and supports an ongoing investigation, but it has not been able to confirm the “threat actor’s” assertions.
Modi’s office did not answer questions from Reuters, and India’s Department of Atomic Energy declined to comment.
Blueprints and Insurance Policies
The core systems of the nuclear reactors, which are supplied by Russia’s state-owned Rosatom, do not seem to be related to the materials that were made public on World Leaks.
They did include what looked to be the full floor plan of a “common control room,” as well as alleged plans for the ventilation and cooling systems utilized in Units 3 and 4.
A list of approved suppliers, what appeared to be vendor proposals, and a record of a 2024 discussion regarding a joint inspection by Reliance and the Nuclear Power Corporation, together with equipment images, were also included in the files.
According to a different document, Reliance Infrastructure and the Nuclear Power Corporation obtained insurance coverage that would pay them $112 million in the event that either Unit 3 or Unit 4 experienced a terrorist attack.
According to researchers, the information might theoretically be used by malicious actors to map the plant’s support systems, identify its suppliers, and detect security chain flaws.
According to Roth of the Nuclear Threat Initiative, they might “show an adversary not just who has access to the project but which systems that access reaches.”
According to cybersecurity firm Surfshark, India is ranked third among nations experiencing the most data breaches, with 28.9 million accounts affected last year, trailing only the US and France.
According to a research published last year by the Data Security Council of India and cybersecurity company Seqrite, 57% of the 204 Indian firms examined lacked cyber hygiene standards, and 73% were “unaware if they have ever been attacked.”
Additionally, malware connected to a North Korean hacking organization was discovered on the Kudankulam facility’s administration network in 2019, marking the second time the plant has been connected to a cyber incident. The Nuclear Power Corporation claimed at the time that plant systems were unaffected and that the issue was looked into right away.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
Real-Time Deepfake Detection for Enterprise Meetings | Polygraf AI Meeting Guard