World

Hackers expose files linked to India’s Kudankulam nuclear plant

Hackers posted files tied to Kudankulam, India’s biggest nuclear plant, including blueprints and supplier details. The cache raises questions about critical-infrastructure security.

Marcus Williams··2 min read
Published
Listen to this article0:00 min
Hackers expose files linked to India’s Kudankulam nuclear plant
Source: jpost.com

Hackers posted a cache of files tied to India’s Kudankulam nuclear plant, including purported blueprints of facility parts, supplier details and internal papers linked to a contractor on the project. The documents, which were dated from 2016 through mid-2025, could not be authenticated.

The material was said to have been labeled as coming from Reliance Group and to include meeting records, inspection reports, equipment reviews and insurance papers. About 19,000 sensitive files were selected from a larger trove of roughly 858,000 Reliance files posted by the ransomware group World Leaks, a volume that suggests the exposure reached well beyond a narrow set of engineering records. Reliance said there had been a partial breach of data on a server hosted by third-party data center provider Yotta and said the Indian government had been informed. Yotta said it detected suspicious activity on May 29, 2026, on a server belonging to Reliance Infrastructure, terminated the activity immediately and later learned of claims of a data breach.

AI-generated illustration
AI-generated illustration

The stakes are high because Kudankulam is not an ordinary industrial site. Nuclear Power Corporation of India Limited says the plant in Tamil Nadu is India’s largest nuclear facility, with Units 1 and 2 operating at a combined 2,000 MWe. Unit 1 entered commercial operation on December 31, 2014, and Unit 2 followed on March 31, 2017. NPCIL says Units 3 and 4, each planned at 1,000 MWe, are under construction in Tirunelveli district with Russian technical cooperation, and that four more units, KKNPP 3 to 6, have been approved for the site. If completed as planned, the next two units would double the plant’s current operating capacity.

The leak matters less as an embarrassment than as a security test. Nickolas Roth, a senior director in the Nuclear Threat Initiative’s Nuclear Materials Security program, said the breach could pose a "serious" risk to the plant’s safety and highlight how many Indian companies remain ill-equipped to handle cyber threats. World Leaks has a pattern of posting stolen corporate data after ransom demands are not met, and the fact that the group selected files tied to a nuclear supply chain is likely to sharpen scrutiny of contractor networks, hosting arrangements and document handling across India’s infrastructure sector.

Kudankulam’s operating units have already generated scale: NPCIL said Units 1 and 2 crossed 1,00,000 million units of cumulative electricity generation on July 26, 2024. That figure underlines why even incomplete or unverified files tied to the site can trigger alarm among plant operators, regulators and security officials.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in World