Is Kudankulam Nuclear Plant Safe? What We Know About the KKNPP Data Leak by World Leaks
A ransomware group reportedly leaked 14.3GB of files linked to India’s largest nuclear plant, Kudankulam, via contractor Reliance Infrastructure. Exposed documents include engineering layouts and control room floor plans. While authorities deny threats to core reactor safety, experts warn the breach exposes critical supply chain vulnerabilities.
A major cybersecurity investigation is underway after a ransomware group reportedly leaked thousands of files related to India’s largest nuclear facility, the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu. The ransomware entity known as World Leaks published approximately 19,000 documents totaling roughly 14.3 gigabytes of data on the dark web, as reported by Reuters. The data was allegedly stolen from systems managed by Reliance Infrastructure, a contractor tasked with building support systems for the plant's ongoing expansion.
Scope of the Breach
The exposed cache consists of documents dated between 2016 and mid-2025. According to Reuters, the files include engineering plans, supplier information, meeting logs, equipment inspection reviews, and floor layouts of a common control room. The data also includes blueprints for ventilation and cooling networks designed for Units 3 and 4 of the facility, which are currently under construction and slated to become operational by 2027.
Reliance Group, led by businessman Anil Ambani, confirmed that a "partial breach" occurred on a server hosted by its third-party data center service provider, Yotta. The conglomerate stated that it had informed the government of the incident but did not publicly clarify the exact nature of the compromised data.
NPCIL Denies Safety Risks
Following the report, the Nuclear Power Corporation of India Limited (NPCIL) issued a statement downplaying immediate risks to nuclear operations. NPCIL clarified that the breach involves only conventional Balance of Plant (BoP) infrastructure. These systems are similar to those used in traditional thermal power plants and are not connected to core nuclear safety or security components.
The primary nuclear reactor core systems at Kudankulam are supplied by Russia's state-owned nuclear corporation, Rosatom, and do not appear to be part of the leaked information. Indian authorities, including the country's central cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), are actively investigating the situation.
Cybersecurity Implications
Despite assurances from official bodies that core safety systems remain isolated, international experts have raised concerns. Speaking to Reuters, Nickolas Roth, a senior director at the Nuclear Threat Initiative, noted that the breach could still present a "serious" risk to the facility's broader security posture.
Cybersecurity researchers warn that the leaked layout plans, vendor contacts, and engineering schematics could potentially allow malicious actors to map the physical infrastructure, spot logistical vulnerabilities, or coordinate subsequent targeted actions against the plant's supply chain.
About Kudankulam Nuclear Power Plant
The Kudankulam facility is a cornerstone of India's long-term plan to aggressively scale up its domestic atomic energy capacity. Once Units 3 and 4 are finalized, they are expected to bring an additional 2,000 megawatts of capacity to the national grid.
This is not the first time the high-profile site has faced a digital threat. In 2019, malware linked to a North Korean hacking group was discovered on the plant's administrative network, though officials at the time verified that the operational systems remained unaffected.
(The above story first appeared on LatestLY on Jul 16, 2026 01:16 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).