Key Takeaways
India Probes Kudankulam Nuclear Plant 'Data Breach' | WION News

- Ransomware group World Leaks published 858,000 files related to India's Kudankulam Nuclear Power Plant, including blueprints and supplier information
- The breach originated from Reliance Infrastructure's servers hosted by data center provider Yotta, not from nuclear plant systems directly
- Security experts warn the exposed supply chain data could pose serious risks to plant safety, even without direct reactor system compromise
Ransomware group World Leaks has published a massive cache of files related to India's Kudankulam Nuclear Power Plant on the dark web. The 858,000 files, sourced from contractor Reliance Group, include purported blueprints of facility components, supplier details, meeting records, and equipment reviews. Reliance confirmed to Reuters that a "partial breach" occurred on servers hosted by Indian data center provider Yotta.
The breach did not compromise the nuclear reactors' core systems, which are supplied by Russia's Rosatom. But the exposed documents reveal significant infrastructure details. Among the 19,000 files flagged as most sensitive: ventilation and cooling system blueprints for Units 3 and 4, the complete floor layout of a control room, vendor proposals, approved supplier lists, and inspection records with equipment photos.
How the breach happened
Yotta detected suspicious activity on May 29 on a server belonging to Reliance Infrastructure. The company says it immediately terminated the activity and prevented ransomware execution. But at the end of June, Reliance informed Yotta that external threat actors were claiming to have exfiltrated data. The documents posted online span from 2016 to mid-2025.
Reliance Infrastructure won a contract in 2018 to design and build infrastructure for Kudankulam's Units 3 and 4, both still under construction. These units are scheduled to become operational by 2027, adding 2,000 megawatts of combined capacity to India's grid. The leaked files appear to relate specifically to this work.
World Leaks operates like most ransomware groups: steal corporate data, demand payment, publish if refused. The group previously targeted Nike and India's Tata Group. In June, World Leaks told Reuters it had demanded $1.5 million from Tata for files containing confidential component designs for Apple and Tesla. When Tata "ignored" the demand, the group published the data.
Why supply chain exposure matters for nuclear security
The leaked files don't touch reactor control systems. That's the good news. The concern is what attackers can do with detailed supply chain information. Nickolas Roth, senior director at the Nuclear Threat Initiative, told Reuters the breach could pose a "serious" risk to plant safety.
Consider what's now public: approved vendor lists, equipment specifications, inspection protocols, and facility layouts. A sophisticated adversary could use this information to identify weak links in the supply chain, understand security procedures, or plan physical attacks. The control room floor plan alone provides intelligence that nuclear facilities typically guard closely.
This is Kudankulam's second major cybersecurity incident. In 2019, the plant confirmed a malware attack attributed to North Korean hackers using DTrack malware. Officials claimed operational systems remained safe because they're air-gapped from external networks. That defense doesn't apply when contractors store sensitive documents on internet-connected servers.
India's response so far
The Nuclear Power Corporation of India (NPCIL) has been communicating with Reliance about the breach. India's main cybersecurity agency, CERT-In, is investigating. Neither the NPCIL chairman, CERT-In, the Department of Atomic Energy, nor the Prime Minister's office responded to Reuters' requests for comment.
The silence is notable. Nuclear facilities are classified as Critical Information Infrastructure under India's IT Act, which imposes specific security obligations and breach notification requirements. Whether those obligations were met, and what specific data was compromised, remains unclear.
Yotta says it has shared its technical investigation with Reliance Infrastructure but cannot verify World Leaks' claims about what was stolen. Reliance has not disclosed the full scope of breached data.
The contractor security problem
This breach illustrates a common pattern. The nuclear plant itself may have robust security. Its contractors do not. Reliance Infrastructure stored sensitive nuclear facility documents on third-party servers that, despite Yotta's claims of preventing ransomware execution, were clearly exfiltrated before detection.
Reuters notes that hacks have become more common in India, where many companies are "ill-equipped to deal with such threats." For critical infrastructure operators, the lesson is uncomfortable: your security is only as strong as your weakest contractor.
Logicity's Take
The Kudankulam breach exposes a gap that plagues critical infrastructure globally: organizations secure their own perimeters while contractors hold the keys to the kingdom on commodity cloud servers. Nuclear operators, utilities, and defense contractors should be auditing vendor data handling as aggressively as they audit physical access. The 2019 DTrack incident should have triggered this review years ago. The fact that blueprints dated through mid-2025 were on internet-accessible servers suggests those lessons weren't learned. For tech leaders in any sector handling sensitive client data, the question is blunt: would your security posture survive a ransomware group deciding you're worth $1.5 million?
Frequently Asked Questions
Were Kudankulam's nuclear reactor systems compromised?
No. The leaked files relate to contractor Reliance Infrastructure's work on facility infrastructure, not the reactor core systems supplied by Russia's Rosatom. Reactor controls are reportedly air-gapped from external networks.
What data did World Leaks publish?
The group posted 858,000 files, with 19,000 flagged as most sensitive. These include purported blueprints of ventilation and cooling systems, control room floor layouts, vendor proposals, approved supplier lists, and inspection records with equipment photos.
How much ransom did World Leaks demand?
The ransom amount for Reliance data hasn't been disclosed. For comparison, World Leaks demanded $1.5 million from Tata Group in a separate breach earlier in 2025.
Is Kudankulam still operational?
Units 1 and 2 are operational with 2,000 MW capacity. Units 3 and 4, which the leaked documents relate to, are under construction and scheduled to come online by 2027.
Has this happened to Kudankulam before?
Yes. In 2019, the plant confirmed a malware attack attributed to North Korean hackers using DTrack malware, though officials said operational systems were not affected.
How companies are rethinking data security and vendor control in sensitive environments
Need Help Implementing This?
Building a security posture that accounts for contractor and vendor risks requires systematic auditing and monitoring. Contact Logicity's consulting partners to review your supply chain security practices and incident response readiness.
Source: Tech-Economic Times / ET
Huma Shazia
Senior AI & Tech Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
Related Articles
More in Trending Tech
AI Revolution: How Tech is Transforming the World, One Industry at a Time
From desalination plants in Iran to AI-powered manufacturing, the tech world is abuzz with innovation. Discover how AI is changing the game for small entrepreneurs and what it means for the future of industry. Explore the latest developments in cybersecurity, robotics, and more.

Revolutionizing AI: The Game-Changing Tech That's Making Agents Smarter
A new technology is set to revolutionize the way AI agents learn and adapt, enabling them to accumulate wisdom and apply it to new situations. This innovation has the potential to significantly boost the reliability of AI agents, especially in complex tasks. By converting raw agent trajectories into reusable guidelines, this tech is poised to transform the AI landscape.

The Dark Side of AI: How Bots Are Fueling a Monetized Abuse Ecosystem
A recent analysis of 2.8 million Telegram messages reveals a shocking truth: AI-powered bots are being used to create and sell non-consensual intimate images. These bots can turn ordinary photos into synthetic nude images, and the abuse is being monetized through affiliate programs and subscription-based archives. The researchers behind the study are calling for stricter regulations to combat this growing problem.

AI's Secret Sauce: How Journalism Became the Unlikely Ingredient
A recent study reveals that AI chatbots rely heavily on journalistic sources for their quotes, with one in four coming from news outlets. This shocking discovery has significant implications for the media industry and our understanding of AI's information gathering processes. As AI technology continues to evolve, it's essential to consider the role of journalism in shaping its responses.

