Kudankulam Nuclear Plant Data Breach — What Happened?
The ransomware group World Leaks posted nearly 19,000 files from India's largest nuclear plant — the Kudankulam Nuclear Power Plant
7/16/20262 min read
🔴 Kudankulam Nuclear Plant Data Breach — What Happened?
The Attack
The ransomware group World Leaks posted nearly 19,000 files from India's largest nuclear plant — the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu — on the dark web, including blueprints and supplier lists, after breaching a server belonging to contractor Reliance Group (Anil Ambani's conglomerate), hosted by data centre provider Yotta. India's largest nuclear plant blueprints leaked online | Cybernews
What Was Leaked?
The leaked documents, dated from 2016 to mid-2025, include blueprints, supplier details, meeting and inspection records, equipment reviews, and insurance policies — totalling 14.3 gigabytes of data. Specifically, the files contain blueprints for the ventilation and cooling systems of Unit 3 and Unit 4, as well as what appears to be the complete floor layout of a "common control room."Hackers leak nuclear blueprints from India's largest plant onto dark web | The Jerusalem Post
Another document reveals that Reliance Infrastructure and the Nuclear Power Corporation held an insurance policy worth $112 million in the event of a terrorism attack on Unit 3 or Unit 4.
How Serious Is the Risk?
The breach poses a "serious" risk to plant safety, according to Nickolas Roth, a senior director at the Nuclear Threat Initiative. The leaked files could allow adversaries to map the plant's support systems, identify suppliers, and pinpoint weaknesses in its security chain — showing "not just who has access to the project but which systems that access reaches."
The Ransom Angle
World Leaks follows a pattern of posting stolen data when companies refuse ransom demands — similar to a recent case where it sought $1.5 million from the Tata Group for files containing confidential designs of Apple and Tesla components.
Timeline
Yotta noticed suspicious activity on May 29, and the suspected ransomware execution was immediately stopped. However, Reliance Infrastructure only informed Yotta about the breach claims at the end of June, and the 19,000 sensitive files had been online since June 11.
India's Broader Cyber Problem
India ranks third globally for data breaches, with 28.9 million accounts compromised last year. Among 204 Indian organisations surveyed, 73% were unaware if they had ever been attacked, and 57% lack basic cyber hygiene practices.
This is also the second time Kudankulam has been linked to a cyber incident — in 2019, malware tied to a North Korean hacker group was found on the plant's administrative network.