• Ransomware group World Leaks releases 19,000 Kudankulam plant files
• Dark web cache includes plant blueprints, supplier, insurance records
• Experts warn leaked files could expose security vulnerabilities; CERT-In launches probe into incident
BENGALURU: Ransomware group World Leaks has posted on the dark web a huge cache of files related to India’s largest nuclear plant, including purported blueprints of parts of its facilities and supplier details it labelled as coming from Reliance Group.
The Kudankulam Nuclear Power Plant in the southern state of Tamil Nadu is central to Indian Prime Minister Narendra Modi’s ambitious plans to expand the country’s atomic energy capacity.
Indian businessman Anil Ambani’s Reliance Group, a plant contractor, said in a statement there had been a “partial breach” of its data on a server hosted by third-party data centre provider Yotta. Reliance, which did not disclose what data was breached, said the government has been informed.
The data breach could pose a “serious” risk to the safety of the plant, said Nickolas Roth, a senior director at the Nuclear Threat Initiative, which advises governments and benchmarks countries’ preparedness on nuclear security.
Nearly 19,000 files totaling 14.3 gigabytes appearing for the search term “KKNP” — an acronym for the plant — have been online since June 11, according to cybersecurity researcher Rakesh Krishnan. These appeared to be the most sensitive of 858,000 Reliance files on the World Leaks website.
Dated from 2016 to mid-2025, the documents purportedly show meeting and inspection records, equipment reviews, blueprints and insurance policies. They do not appear to relate to the nuclear reactors’ core systems, supplied by Russia’s state-owned Rosatom.
However, they contain purported blueprints for ventilation and cooling systems in Unit 3 and Unit 4, plus the complete floor layout of a common control room.
Reliance Infrastructure won a 2018 contract to build infrastructure for both units, slated to provide a combined 2,000 megawatts of capacity by 2027.
Other files included vendor proposals, approved suppliers and a record of a 2024 joint inspection. Another document purports to show Reliance Infrastructure and the Nuclear Power Corporation had taken out an insurance policy entitling them to $112 million if either unit suffers an act of terrorism.
In the hands of bad actors, the files could theoretically be exploited to map the plant’s support systems, identify suppliers and pinpoint security weaknesses. They could “show an adversary not just who has access to the project but which systems that access reaches”, Roth said.
Yotta said it noted suspicious activity on May 29 on a server it hosts that belongs to Reliance Infrastructure. The activity was immediately terminated and suspected ransomware execution prevented, but Reliance informed it at the end of June about data breach claims made by “external threat actors”.
The Nuclear Power Corporation of India, which operates the plants, has been communicating with Reliance about the breach, and the Indian Computer Emergency Response Team (CERT-In) is looking into the incident.
World Leaks, a well-known ransomware group that previously targeted Nike and India’s Tata Group, typically posts stolen corporate data on its website after companies decline to pay the ransom demanded.
The breach underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats.
India ranks third globally for data breaches, with 28.9 million accounts compromised last year, trailing only the US and France, according to cybersecurity company Surfshark.
A report last year by the Data Security Council of India and cybersecurity firm Seqrite said that of 204 organisations surveyed across India, 73pc were unaware if they had ever been attacked, while 57pc lack basic cyber hygiene practices.
This is the second time the Kudankulam plant has been linked to a cyber incident. In 2019, malware tied to a North Korean hacker group was found on the plant’s administrative network. The Nuclear Power Corporation said the matter was investigated immediately and plant systems were not affected.
Published in Dawn, July 16th, 2026






























