India’s cybersecurity agency probes breach at Kudankulam nuclear facility
The Indian Computer Emergency Response Team is investigating a data leak linked to Reliance Group, while experts warn of potential safety risks despite official assurances.

India’s primary cybersecurity authority, the Indian Computer Emergency Response Team (CERT-In), has launched an investigation into a significant data breach affecting the Kudankulam Nuclear Power Plant. The probe follows the publication of approximately 19,000 files on the dark web by the ransomware collective World Leaks, which purportedly contain blueprints and supplier details for India’s largest nuclear facility.
The leaked data, searchable under the acronym “KKNP”, was hosted on a server provided by third-party infrastructure firm Yotta. Reliance Group, a major contractor involved in the plant’s construction, confirmed a “partial breach” of its data but did not specify the exact nature of the compromised information. The conglomerate stated that the government had been informed of the incident.
Documents reviewed by Reuters, dated between 2016 and mid-2025, allegedly include meeting records, inspection logs, equipment reviews, and insurance policies alongside technical blueprints. Independent cybersecurity researcher Rakesh Krishnan first alerted news agencies to the leak, which totals 14.3 gigabytes. While Reuters could not independently verify the authenticity of the documents, they appear to represent a subset of a larger cache of 858,000 files held by the ransomware group.
The Nuclear Power Corporation of India (NPCIL), which operates the facility in Tamil Nadu, maintained that the breach did not compromise nuclear security. In a statement, the corporation asserted that the information available in the public domain pertains only to common service facilities and does not relate to nuclear safety or security-related systems. The NPCIL has been in communication with Reliance regarding the incident.
Despite official assurances, external experts have raised concerns. Nickolas Roth, a senior director at the Nuclear Threat Initiative, warned that the breach could pose a “serious” risk to the plant’s safety. The incident highlights broader vulnerabilities within India’s corporate sector, where many organisations are considered ill-equipped to handle sophisticated cyber threats.
World Leaks, known for targeting major entities such as Nike and the Tata Group, typically publishes stolen data after ransom demands are ignored. The group did not respond to queries regarding the Kudankulam files. The breach impacts Reliance Infrastructure, a subsidiary holding a contract for Units 3 and 4 of the plant, which are currently under construction and expected to be operational by next year.


