India's largest nuclear power facility has become the latest victim of a sophisticated data breach, with a prominent ransomware organisation releasing thousands of sensitive files on the dark web. The Kudankulam Nuclear Power Plant in Tamil Nadu, central to Prime Minister Narendra Modi's nuclear expansion agenda, has been compromised through its contractor Reliance Group, according to the World Leaks ransomware group. The exposed cache comprises approximately 19,000 highly sensitive documents extracted from a total of 858,000 Reliance files, marked as the most critical within the broader dataset now circulating on underground forums.
Reliance Group, controlled by billionaire industrialist Anil Ambani, acknowledged suffering a "partial breach" of information stored on servers managed by Yotta, a third-party Indian data centre operator. The conglomerate stated that relevant government authorities have been informed of the incident but declined to specify which data categories were compromised. This circumspection reflects the sensitive nature of the material, which spans from 2016 to mid-2025 and encompasses technical specifications, operational records, and commercial arrangements connected to the nuclear facility's expansion programme.
The compromised documents reportedly include architectural blueprints for ventilation and cooling infrastructure serving Units 3 and 4, comprehensive floor plans of the plant's central control room, and detailed supplier information sourced from the nuclear operator's supply chain. Additional materials encompass inspection records, equipment assessments, vendor proposals, and copies of insurance documentation. Notably, the files reveal that Reliance Infrastructure and the Nuclear Power Corporation of India maintain a joint terrorism insurance policy valued at $112 million, covering potential losses from either of the two under-construction reactor units.
Reliance Infrastructure secured a 2018 contract to design and construct infrastructure for Units 3 and 4, both slated for operational deployment by 2027 with a combined electrical output of 2,000 megawatts. This work forms a critical element of India's nuclear capacity modernisation strategy, making the integrity of project-related systems and information paramount for national energy security. The exposure of construction details and operational parameters could potentially enable hostile actors to identify vulnerabilities within the plant's layered security architecture and supply chain dependencies.
Nuclear security specialists have characterised the breach as posing "serious" risks to plant safety and operational integrity. Analysts at the Nuclear Threat Initiative, an influential advisory organisation tracking global nuclear security preparedness, warn that the disclosed information could facilitate reconnaissance activities by enabling adversaries to map support systems, identify critical personnel and organisations within the supply chain, and locate potential security weaknesses. The documents do not appear to contain core reactor system specifications, which are supplied exclusively by Russia's state-owned Rosatom, thereby limiting some categories of risk.
Investigations into the breach remain ongoing across multiple institutional levels. Yotta detected suspicious system activity on its servers on 29 May, immediately terminating the connection and preventing suspected ransomware execution. However, Reliance Infrastructure subsequently informed Yotta in late June that external threat actors had claimed responsibility for the data theft. The Nuclear Power Corporation of India, which commissions and operates all seven of the nation's atomic facilities, is liaising with Reliance on remedial measures, whilst India's main cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), is investigating the incident. Prime Minister Modi's office, the Department of Atomic Energy, and other senior officials have declined to comment publicly.
World Leaks, the ransomware group responsible, has previously targeted multinational corporations including Nike and India's Tata Group. In June, the same organisation attempted to extort $1.5 million from Tata for files containing confidential component designs from Apple and Tesla, subsequently publishing the data after the conglomerate declined to negotiate. The group typically operates by exfiltrating corporate information, publishing samples on its dark web site, and demanding payment in exchange for permanent deletion and non-disclosure agreements. The decision to release Reliance material suggests either a refusal to pay ransom or a deliberate strategy to maximise reputational damage and commercial leverage.
This incident represents a recurrent vulnerability within India's critical infrastructure ecosystem. The nation ranks third globally in data breach frequency, with 28.9 million individual accounts compromised during the previous year, surpassed only by the United States and France according to cybersecurity analysis firm Surfshark. More troubling still, a joint assessment by India's Data Security Council and cybersecurity firm Seqrite revealed that approximately 73 percent of organisations surveyed across the country remain uncertain whether they have experienced cyberattacks, whilst 57 percent lack fundamental cyber hygiene protocols and defensive practices.
The Kudankulam facility has previously encountered cyber-related incidents, highlighting systemic vulnerabilities within India's atomic energy sector. In 2019, malware attributed to North Korean state-sponsored hacker groups was discovered on the plant's administrative systems, though officials claimed the intrusion did not compromise core reactor operations. That incident, coupled with the current breach, suggests that India's nuclear infrastructure management organisations face escalating threats from sophisticated adversaries and may require substantially enhanced defensive capabilities and incident response protocols.
For Southeast Asian nations, this breach carries significant implications. Regional states increasingly rely on nuclear and other critical infrastructure shared with Indian contractors and supply chain partners, creating potential cascading vulnerabilities across South Asia's energy and security infrastructure. The incident underscores broader digital security deficiencies affecting large portions of South Asia's private and public sectors, where inadequate cybersecurity investment, insufficient workforce training, and fragmented regulatory frameworks create persistent exposure to state-sponsored and commercial ransomware operators. Governments throughout the region must consider whether current protective frameworks adequately safeguard sensitive information concerning their own critical infrastructure projects and partnerships.
