Nuclear Security Breach: Sensitive Kudankulam Plant Data Leaked on Dark Web
DNI SUMMARY — KEY POINTS
- A ransomware group called World Leaks has published over 19,000 files allegedly containing sensitive blueprints and contractor data from the Kudankulam Nuclear Power Plant.
- The data, reportedly stolen from a Reliance Group server hosted by Yotta, includes engineering schematics, inspection reports, and supplier lists for the facility.
- Official investigations are currently underway by the Nuclear Power Corporation of India and CERT-In to determine the full scope of the security compromise.
- Cybersecurity experts warn that although core reactor systems appear untouched, the leaked documents could expose critical support infrastructure and plant security vulnerabilities.
- The Indian government has been notified of the breach, though agencies have remained largely silent regarding the specific details of the compromised information.
Critical infrastructure security in India faces intense scrutiny following a significant data breach involving the Kudankulam Nuclear Power Plant. Thousands of sensitive documents, allegedly containing technical blueprints and administrative records, have appeared on the dark web after being released by a ransomware syndicate known as World Leaks. This incident highlights profound vulnerabilities within the digital supply chain, as the exposed data purportedly originated from a third-party server managed by an external contractor. The potential for such information to be weaponized has prompted urgent concern among national security analysts and regional stakeholders.
Cybersecurity Failure at Contractor Servers
The breach reportedly stems from a security failure at a server managed by Reliance Group, which serves as a key contractor for the expansion of the facility. The company confirmed that a partial compromise occurred on a platform hosted by Yotta, a third-party data center provider, despite claims that suspicious activity was detected and mitigated in late May. While the exact volume of stolen data remains a subject of investigation, sources suggest the leaked cache represents only a fraction of a much larger, unauthorized collection of nearly 858,000 files.
The leaked materials reportedly include detailed engineering drawings for ventilation and cooling systems, alongside floor layouts for common control rooms. These documents, spanning the period from 2016 to 2025, offer an unprecedented glimpse into the logistical and structural planning of the plant's ongoing expansion, specifically targeting Units 3 and 4. Although the core reactor systems supplied by the Russian entity Rosatom do not appear to be included in the leak, the secondary data could theoretically assist hostile actors in identifying structural or operational weak points.
The leaked collection reportedly contains approximately 19,000 files originating from a larger cache of over 858,000 documents.
Detailed Blueprints Exposed Online
Industry analysts and nuclear safety specialists emphasize that the risk extends far beyond the immediate digital leak. By identifying the network of vendors, insurance providers, and inspection teams involved in the project, malicious entities could gain actionable intelligence on the facility's procurement and security apparatus. This type of information is considered highly valuable for those seeking to map the physical and digital defenses of critical infrastructure, potentially leading to targeted sabotage or sophisticated social engineering campaigns against key project personnel or supply chain stakeholders.
Government agencies, including the Nuclear Power Corporation of India, have initiated a comprehensive investigation in collaboration with the Indian Computer Emergency Response Team. Despite the gravity of the situation, the authorities have maintained a limited public stance, providing few details on the mitigation strategies currently being deployed. This silence has fueled ongoing speculation regarding the actual severity of the breach and the adequacy of the cybersecurity protocols protecting India's most vital energy assets from persistent cyber warfare threats.
Assessing Potential National Security Risks
This incident marks the second major security concern for the facility, following a 2019 malware infiltration that affected its administrative network. That previous event, which was reportedly linked to North Korean hackers, served as a stark warning about the persistent interest of state-sponsored groups in the Indian energy sector. The recurrence of such events suggests that legacy security measures may be insufficient to combat the evolving tactics of modern ransomware groups who specifically target the intersection of corporate data and national security assets.
Units 3 and 4 of the Kudankulam project are currently under construction and are slated to reach full operation by 2027.
The broader implications for the energy sector are significant, as India continues to expand its reliance on nuclear power to meet growing domestic demand. Protecting the integrity of the supply chain has become a paramount challenge for policy makers and corporate partners involved in these complex engineering projects. The reliance on third-party servers and interconnected digital ecosystems creates a sprawling attack surface that is difficult to secure, particularly when proprietary data is dispersed across various platforms and external administrative environments.
Strengthening Infrastructure Against Future Threats
Moving forward, the focus will likely shift toward implementing more stringent digital hygiene practices and mandatory cybersecurity auditing for all contractors involved in the project. As investigators continue to sift through the leaked files to verify their authenticity, the focus remains on closing the security gaps that allowed such a massive cache of data to be exfiltrated. Ensuring the resilience of these facilities is essential to prevent potential cascading failures that could impact the stability of the national power grid during critical operations.
KEY TAKEAWAYS
Cybersecurity experts note that the exposed documents detail ventilation and cooling systems which could be used to map plant vulnerabilities.
This incident follows a 2019 breach where malware was discovered on the administrative network of the nuclear facility.

